On 2025-04-03 11:04, Thomas Lamprecht wrote:
> On 03.04.25 at 10:34, Maximiliano Sandoval wrote:
>>
>> As per systemd-exec's man page, in total one can pass up to 1MB in
>> system credentials. A VM config file is certainly not the vehicle for
>> such an amount of data and I am also not fully comfortable with putting
>> potentially sensitive data as plain-text inside config files or the
>> cluster filesystem. I am not fully sure how to approach this long term.
>>
>>
>> There is also the more-secure possibility to pass down system
>> credentials from the host to the guest (e.g. ImportCredential= or
>> LoadCredential=) but that would have the drawback that there is no
>> mechanism to sync them across a cluster.
>
> A mapping could abstract most of that away and also use a flag to denote
> if a credential is confidential and then save it in the root-only
> /etc/pve/priv path, IIRC we do something similar for notifications
> targets like webhooks.
For context: With webhooks, we have 'secrets', which are dedicated key-value pairs which can be configured via the UI. For instance, you could set up a secret with key 'password' and value '12345'. In the URL/Body/Headers we support templating syntax that allows access to secrets via the 'secret' namespace, e.g. {{ secret.password }}.

All secrets are stored in /etc/pve/priv/notifications.cfg, which is, as you said, only readable by root.

--
- Lukas

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
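The secret-namespace templating and the root-only secret store described in the reply above, as an added example that is not Proxmox code: the real notifications.cfg format is not reproduced, and the key=value store, the permission check and the sample header template are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches the {{ secret.<key> }} references the templating syntax allows.
SECRET_REF = re.compile(r"\{\{\s*secret\.([A-Za-z0-9_]+)\s*\}\}")


def load_secrets(path: str) -> dict:
    """Load key=value secrets, refusing a store that is not owner-only readable."""
    st = os.stat(path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is readable by group/others; expected root-only")
    secrets = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, _, value = line.partition("=")
            secrets[key.strip()] = value.strip()
    return secrets


def render(template: str, secrets: dict) -> str:
    """Substitute {{ secret.<key> }}; an undefined key is an error, not an empty string."""
    def sub(match: re.Match) -> str:
        key = match.group(1)
        if key not in secrets:
            raise KeyError(f"secret.{key} referenced but not defined")
        return secrets[key]
    return SECRET_REF.sub(sub, template)


def demo() -> tuple:
    """Constructed sample: a 0600 store renders; the same store at 0644 is rejected."""
    path = os.path.join(tempfile.mkdtemp(), "notifications.cfg")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("# constructed sample, not a real Proxmox config\npassword = 12345\n")
    os.chmod(path, 0o600)
    header = render("Authorization: Bearer {{ secret.password }}", load_secrets(path))
    os.chmod(path, 0o644)  # simulate a secret store that leaked into a world-readable path
    try:
        load_secrets(path)
        rejected = False
    except PermissionError:
        rejected = True
    return header, rejected
```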