On Fri, 16 Sep 2011, Tommi Virtanen wrote: > On Thu, Sep 15, 2011 at 13:52, Sage Weil <sage@xxxxxxxxxxxx> wrote: > > +static int buildRBDString(virConnectPtr conn, > ... > > + /* look up secret */ > > + snprintf(idDomain, sizeof(idDomain), "%s/%s", disk->authId, > > + disk->authDomain); > > + sec = virSecretLookupByUsage(conn, > > + VIR_SECRET_USAGE_TYPE_CEPH, > > + idDomain); > ... > > + secret = (char *)conn->secretDriver->getValue(sec, &secret_size, 0, > > + VIR_SECRET_GET_VALUE_INTERNAL_CALL); > > + /* qemu/librbd wants it base64 encoded */ > > + base64_encode_alloc(secret, secret_size, &base64); > > + virBufferEscape(opt, ":", ":key=%s:auth_supported=cephx\\;none", > > + base64); > > If I'm reading this right, that puts the ceph secret on the kvm > command line. That's not good, that makes it visible to anyone on the > host. Yeah, we definitely want something better, but I wanted to make sure the overall approach is fine before doing something too annoying with temporary unlinked files or environment variables or something. sage
