Secrets stored by libvirt may have attributes associated with them, using
the secret
element. The secret
element has two
optional attributes, each with values 'yes
' and
'no
', and defaulting to 'no
':
ephemeral
private
The top-level secret
element may contain the following
elements:
uuid
description
usage
type
attribute specifies the usage category, currently
only volume
, ceph
and iscsi
are defined. Specific usage categories are described below.
This secret is associated with a volume, and it is safe to delete the
secret after the volume is deleted. The <usage
type='volume'>
element must contain a
single volume
element that specifies the key of the volume
this secret is associated with.
This secret is associated with a Ceph RBD (rados block device).
The <usage type='ceph'>
element must contain
a single name
element that specifies a usage name
for the secret. The Ceph secret can then be used by UUID or by
this usage name via the <auth>
element of
a disk
device. Since 0.9.7.
This secret is associated with an iSCSI target for CHAP authentication.
The <usage type='iscsi'>
element must contain
a single target
element that specifies a usage name
for the secret. The iSCSI secret can then be used by UUID or by
this usage name via the <auth>
element of
a disk
device. Since 1.0.4.
<secret ephemeral='no' private='yes'> <description>LUKS passphrase for the main hard drive of our mail server</description> <usage type='volume'> <volume>/var/lib/libvirt/images/mail.img</volume> </usage> </secret>