Description of problem:

Currently libvirt stores persistent secrets in unencrypted files in /etc/libvirt/secrets. This is not a big security problem since the virtualization host fundamentally must be a trusted component. The secrets are about protecting against rogue storage admins, and/or authenticating with network storage. It would still, however, be desirable to have the secrets stored encrypted to at least make a dedicated forensics attacker have to do some non-trivial work to recover them, even when the HD itself is not encrypted.

We could probably leverage something like pkcs11 as a secure storage mechanism to do this. There might be good enough support in gnutls APIs to do this. TBD.
*** This bug has been marked as a duplicate of bug 636152 ***