Red Hat Bugzilla – Bug 1261133
RFE: support encryption TLS keys
Last modified: 2017-10-11 06:31:26 EDT
Description of problem:

Libvirt supports TLS, but currently requires that the TLS private key .pem file is stored unencrypted. Libvirt needs to be able to load encrypted keys, with a mechanism for running a helper to decrypt them.

This blog post gives an example of how Apache deals with it, which would work for libvirt too:

http://blog-ftweedal.rhcloud.com/2015/09/automatic-decryption-of-tls-private-keys-with-deo/

We also need to figure out how to deal with the same problem for QEMU, which also uses TLS for VNC (and soon, migration, nbd too). In this case prompting the user for keys is not really acceptable, so libvirt might have to pass across a decryption key to QEMU.

Version-Release number of selected component (if applicable):

libvirt-1.2.19