On  2025-04-03 11:04, Thomas Lamprecht wrote:
> Am 03.04.25 um 10:34 schrieb Maximiliano Sandoval:
>>
>> As per systemd-exec's man page, in total one can pass up to 1MB in
>> system credentials. A VM config file is certainly not the vehicle for
>> such an amount of data and I am also not fully comfortable with putting
>> potentially sensitive data as plain-text inside config files or the
>> cluster filesystem. I am not fully sure how to approach this long term.
>>
>>
>> There is also the more-secure possibility to pass down system
>> credentials from the host to the guest (e.g. ImportCredential= or
>> LoadCredential=) but that would have the drawback that there is no
>> mechanism to sync them acros a cluster.
> 
> A mapping could abstract most of that away and also use a flag to denote
> if a credential is confidential and then safe it in the root-only
> /etc/pve/priv path, IIRC we do something similar for notifications
> targets like webhooks. 

For context:

With webhooks, we have 'secrets', which are dedicated key-value pairs which can 
be
configured via the UI. For instance, you could set up a secret with key 
'password'
and value '12345'. In the URL/Body/Headers we support templating syntax that 
allows to
access secrets via the 'secret' namespace, e.g {{ secret.password }}.
All secrets are stored in /etc/pve/priv/notifications.cfg, which is, as you 
said,
only readable by root.

-- 
- Lukas



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Reply via email to