diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in index f03d90ca69..ffaa7dcfb4 100644 --- a/docs/formatsecret.html.in +++ b/docs/formatsecret.html.in @@ -248,7 +248,12 @@
This secret is a general purpose secret to be used by various libvirt objects to provide a single passphrase as required by the object in - order to perform its authentication. + order to perform its authentication. For example, this secret will + be used either by the + storage volume in order to + provide the passphrase to encrypt a luks volume or by the + disk device in order to + provide the passphrase to decrypt the luks volume for usage. Since 2.1.0. The following is an example of a secret.xml file:
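Review bot: The unchanged "Since 2.1.0." now directly follows the added LUKS sentence, so it is ambiguous whether the version applies to the passphrase secret type or only to its use with LUKS volumes. Consider keeping the version marker attached to the first sentence and placing the example after it. Style points in the same sentence: "luks" is an acronym and would read better as "LUKS" in prose, the trailing "for usage" adds nothing, and "either ... or" can be read as saying one secret cannot serve both the storage volume and the disk device. If the same secret is meant to be referenced from both, say so.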
diff --git a/docs/formatstorageencryption.html.in b/docs/formatstorageencryption.html.in index 58e1073561..380763e99e 100644 --- a/docs/formatstorageencryption.html.in +++ b/docs/formatstorageencryption.html.in @@ -56,8 +56,20 @@ thesecret
element is not present during volume creation,
a secret is automatically generated and attached to the volume.
+
+ The luks
format is specific to a luks encrypted volume
+ and the secret used in order to either encrypt or decrypt the volume.
+ A single <secret type='passphrase'...>
element is
+ expected. The secret may be referenced via either a uuid
or
+ usage
attribute. One of the two must be present. When
+ present for volume creation, the secret will be used in order for
+ volume encryption. When present for domain usage, the secret will
+ be used as the passphrase to decrypt the volume.
+ Since 2.1.0.
+
Here is a simple example, specifying use of the qcow
format:
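Review bot: The added paragraph says a single secret element "is expected" for luks, while the unchanged context just above it says a secret is automatically generated when the element is not present during volume creation. Please state explicitly whether that automatic generation applies to the luks format or whether omitting the secret is an error there. "One of the two must be present" also leaves open what happens when both uuid and usage are given, which is worth a sentence. Minor wording: "The luks format is specific to a luks encrypted volume" is circular, and "used in order for volume encryption" would read better as "used to encrypt the volume".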
@@ -67,5 +79,17 @@
<encryption format='qcow'>
<secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' />
</encryption>
+
+
+ Here is a simple example, specifying use of the luks
format
+ where it's assumed that a secret
has been defined using a
+ usage
element with a id
of "luks_example":
+
+ <encryption format='luks'> + <secret type='passphrase' usage='luks_example'/> + </encryption> ++
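Review bot: The lead-in to the luks example describes a secret defined "using a usage element with a id of "luks_example"", but the earlier hunk in this file and the example itself refer to a usage attribute on the secret element of the encryption block. Please make the terminology consistent so it is clear which value in the secret definition has to match usage='luks_example', and link to the secret format page that the first file in this patch updates. Also "a id" should be "an id".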