<html>
  <body>
    <h1>Secret XML format</h1>

    <ul id="toc"></ul>

    <h2><a name="SecretAttributes">Secret XML</a></h2>

    <p>
      Secrets stored by libvirt may have attributes associated with them, using
      the <code>secret</code> element.  The <code>secret</code> element has two
      optional attributes, each with values '<code>yes</code>' and
      '<code>no</code>', and defaulting to '<code>no</code>':
    </p>
    <dl>
      <dt><code>ephemeral</code></dt>
      <dd>This secret must only be kept in memory, never stored persistently.
      </dd>
      <dt><code>private</code></dt>
      <dd>The value of the secret must not be revealed to any caller of libvirt,
        nor to any other node.
      </dd>
    </dl>
    <p>
      The top-level <code>secret</code> element may contain the following
      elements:
    </p>
    <dl>
      <dt><code>uuid</code></dt>
      <dd>
        An unique identifier for this secret (not necessarily in the UUID
        format).  If omitted when defining a new secret, a random UUID is
        generated.
      </dd>
      <dt><code>description</code></dt>
      <dd>A human-readable description of the purpose of the secret.
      </dd>
      <dt><code>usage</code></dt>
      <dd>
        Specifies what this secret is used for.  A mandatory
        <code>type</code> attribute specifies the usage category, currently
        only <code>volume</code> and <code>ceph</code> are defined.
        Specific usage categories are described below.
      </dd>
    </dl>

    <h3>Usage type "volume"</h3>

    <p>
      This secret is associated with a volume, and it is safe to delete the
      secret after the volume is deleted.  The <code>&lt;usage
      type='volume'&gt;</code> element must contain a
      single <code>volume</code> element that specifies the key of the volume
      this secret is associated with.
    </p>

    <h3>Usage type "ceph"</h3>

    <p>
      This secret is associated with a Ceph RBD (rados block device).
      The <code>&lt;usage type='ceph'&gt;</code> element must contain
      a single <code>name</code> element that specifies a usage name
      for the secret.  The Ceph secret can then be used by UUID or by
      this usage name via the <code>&lt;auth&gt;</code> element of
      a <a href="domain.html#elementsDisks">disk
      device</a>. <span class="since">Since 0.9.7</span>.
    </p>

    <h2><a name="example">Example</a></h2>

    <pre>
      &lt;secret ephemeral='no' private='yes'&gt;
         &lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
         &lt;usage type='volume'&gt;
            &lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
         &lt;/usage&gt;
      &lt;/secret&gt;</pre>
  </body>
</html>