libvirt/docs/formatsecret.html.in
Miloslav Trmač 6acc17af8c Secret manipulation public API
This patch adds a "secret" as a separately managed object, using a
special-purpose API to transfer the secret values between nodes and
libvirt users.

* docs/schemas/secret.rng, docs/schemas/Makefilem.am: Add new
  schema for virSecret objects
* docs/*html: Re-generated
* docs/formatsecret.html.in, docs/sitemap.html.in: Add page
  describing the virSecret XML schema
* include/libvirt/libvirt.h.in: Define the new virSecret public
  API
* src/libvirt_public.syms: Export symbols for new public APIs
* mingw32-libvirt.spec.in, libvirt.spec.in: Add secret.rng to
  files list
2009-09-01 17:38:52 +01:00


<html>
<body>
<h1>Secret XML format</h1>
<ul id="toc"></ul>
<h2><a name="SecretAttributes">Secret XML</a></h2>
<p>
Secrets stored by libvirt may have attributes associated with them, using
the <code>secret</code> element. The <code>secret</code> element has two
optional attributes, each with values '<code>yes</code>' and
'<code>no</code>', and defaulting to '<code>no</code>':
</p>
<dl>
<dt><code>ephemeral</code></dt>
<dd>This secret must only be kept in memory, never stored persistently.
</dd>
<dt><code>private</code></dt>
<dd>The value of the secret must not be revealed to any caller of libvirt,
nor to any other node.
</dd>
</dl>
<p>
The top-level <code>secret</code> element may contain the following
elements:
</p>
<dl>
<dt><code>uuid</code></dt>
<dd>
A unique identifier for this secret (not necessarily in the UUID
format). If omitted when defining a new secret, a random UUID is
generated.
</dd>
<dt><code>volume</code></dt>
<dd>Key of a volume this secret is associated with. It is safe to delete
the secret after the volume is deleted.
</dd>
<dt><code>description</code></dt>
<dd>A human-readable description of the purpose of the secret.
</dd>
</dl>
<h2><a name="example">Example</a></h2>
<pre>
&lt;secret ephemeral='no' private='yes'&gt;
  &lt;volume&gt;/var/lib/libvirt/images/mail.img&lt;/volume&gt;
  &lt;description&gt;LUKS passphrase for the main hard drive of our mail server&lt;/description&gt;
&lt;/secret&gt;</pre>
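<p>
The following pre-submission check is an added example, not code from libvirt
or from this commit. It applies only the rules stated on this page (it does not
replace validation against <code>secret.rng</code>) and reports definitions whose
effective attributes leave the value exposed or persisted. The function name
<code>check_secret_xml</code> and the second sample document are assumptions
made for illustration.
</p>

```python
import xml.etree.ElementTree as ET

FLAGS = ("ephemeral", "private")            # both default to 'no' per the page
CHILDREN = ("uuid", "volume", "description")


def check_secret_xml(text):
    """Return (flags, findings) for one <secret> definition.

    flags holds the effective ephemeral/private values after defaults;
    findings is a list of 'error: ...' and 'warn: ...' strings.
    """
    if "<!DOCTYPE" in text:                 # refuse DTDs before parsing
        raise ValueError("DOCTYPE not accepted in a secret definition")
    root = ET.fromstring(text)
    if root.tag != "secret":
        raise ValueError("top-level element is <%s>, not <secret>" % root.tag)

    findings = ["error: unknown attribute '%s'" % a
                for a in root.attrib if a not in FLAGS]
    flags = {}
    for name in FLAGS:
        flags[name] = root.get(name, "no")  # an omitted attribute means 'no'
        if flags[name] not in ("yes", "no"):
            findings.append("error: %s='%s' is not 'yes' or 'no'" % (name, flags[name]))
    for child in root:
        if child.tag not in CHILDREN:
            findings.append("error: unknown element <%s>" % child.tag)

    # Posture checks derived from the two attribute definitions on the page.
    if flags["private"] == "no":
        findings.append("warn: private='no', value is not withheld from callers or other nodes")
    if flags["ephemeral"] == "no":
        findings.append("warn: ephemeral='no', secret is not restricted to memory")
    return flags, findings


# The page's own example, followed by a constructed malformed definition.
PAGE_EXAMPLE = """<secret ephemeral='no' private='yes'>
  <volume>/var/lib/libvirt/images/mail.img</volume>
  <description>LUKS passphrase for the main hard drive of our mail server</description>
</secret>"""
CONSTRUCTED_BAD = "<secret private='true' shared='yes'><owner/></secret>"

if __name__ == "__main__":
    for doc in (PAGE_EXAMPLE, CONSTRUCTED_BAD):
        print(check_secret_xml(doc))
```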
</body>
</html>