On Tue, Feb 10, 2026 at 13:30:12 +0530, Arun Menon via Devel wrote: > Document the new encryption of secrets feature in secretencryption.rst. > > Signed-off-by: Arun Menon <[email protected]> > --- > docs/drvsecret.rst | 4 ++ > docs/meson.build | 1 + > docs/secretencryption.rst | 105 ++++++++++++++++++++++++++++++++++++++ > 3 files changed, 110 insertions(+) > create mode 100644 docs/secretencryption.rst
[...] > + > +Upgrading Libvirt for secret encryption > +--------------------------------------- > +Starting 12.1.0, secrets can be stored on the disk in an encrypted format, > rather than This could also use the 'since' role. > +the default base64 encoding. > + > +Any secret created before upgrading libvirt, remain stored in their original > base64 > +format on the disk. > +A pre-existing secret will only be encrypted if you explicitly update its > value using > +**virsh secret-set-value** after the upgrade, provided that encryption is > enabled in > +secret.conf configuration file. > + > +It is important to note that encrypted secrets are not backwards compatible. > In case of > +a downgrade to an older version of libvirt, the encrypted secrets will not > be loaded from > +the disk. Therefore, before reverting to an older version libvirt, make sure > that all the > +secrets have been reverted to the standard base64 format, to avoid service > disruptions. Reviewed-by: Peter Krempa <[email protected]>
