2013-05-03 15:25:37 +01:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
< html xmlns = "http://www.w3.org/1999/xhtml" >
2009-08-19 21:50:10 +02:00
< body >
< h1 > Storage volume encryption XML format< / h1 >
< ul id = "toc" > < / ul >
< h2 > < a name = "StorageEncryption" > Storage volume encryption XML< / a > < / h2 >
< p >
Storage volumes may be encrypted, the XML snippet described below is used
to represent the details of the encryption. It can be used as a part
of a domain or storage configuration.
< / p >
< p >
The top-level tag of volume encryption specification
is < code > encryption< / code > , with a mandatory
attribute < code > format< / code > . Currently defined values
of < code > format< / code > are < code > default< / code > and < code > qcow< / code > .
Each value of < code > format< / code > implies some expectations about the
content of the < code > encryption< / code > tag. Other format values may be
defined in the future.
< / p >
< p >
The < code > encryption< / code > tag can currently contain a sequence of
< code > secret< / code > tags, each with mandatory attributes < code > type< / code >
and < code > uuid< / code > . The only currently defined value of
< code > type< / code > is < code > passphrase< / code > . < code > uuid< / code >
refers to a secret known to libvirt. libvirt can use a secret value
previously set using < code > virSecretSetValue()< / code > , or, if supported
by the particular volume format and driver, automatically generate a
secret value at the time of volume creation, and store it using the
specified < code > uuid< / code > .
2011-04-01 16:02:10 -06:00
< / p >
2009-08-19 21:50:10 +02:00
< h3 > < a name = "StorageEncryptionDefault" > "default" format< / a > < / h3 >
< p >
< code > < encryption type="default"/> < / code > can be specified only
when creating a volume. If the volume is successfully created, the
encryption formats, parameters and secrets will be auto-generated by
libvirt and the attached < code > encryption< / code > tag will be updated.
The unmodified contents of the < code > encryption< / code > tag can be used
in later operations with the volume, or when setting up a domain that
uses the volume.
< / p >
< h3 > < a name = "StorageEncryptionQcow" > "qcow" format< / a > < / h3 >
< p >
The < code > qcow< / code > format specifies that the built-in encryption
support in < code > qcow< / code > - or < code > qcow2< / code > -formatted volume
images should be used. A single
< code > < secret type='passphrase'> < / code > element is expected. If
the < code > secret< / code > element is not present during volume creation,
a secret is automatically generated and attached to the volume.
< / p >
< h2 > < a name = "example" > Example< / a > < / h2 >
< p >
Here is a simple example, specifying use of the < code > qcow< / code > format:
< / p >
< pre >
< encryption format='qcow'>
< secret type='passphrase' uuid='c1f11a6d-8c5d-4a3e-ac7a-4e171c5e0d4a' />
< /encryption> < / pre >
< / body >
< / html >