Description of problem: Libvirt supports TLS, but currently requires that the TLS private kley .pem file is stored unencrypted. Libvirt needs to be able to load encrypted keys, with a mechanism for running a helper to decrypt them. This blog posts gives an example of how apache deals with it, whcih would work for libvirt too http://blog-ftweedal.rhcloud.com/2015/09/automatic-decryption-of-tls-private-keys-with-deo/ We also need to figure out how to deal with the same problem for QEMU, which also uses TLS for VNC (and soon, migration, nbd too). In this case prompting the user for keys is not really acceptable, so libvirt might have to pass across a decryption key to QEMU Version-Release number of selected component (if applicable): libvirt-1.2.19
Encrypted TLS keys are now supported for migration, VNC, chardevs and disk. The only missing bit is for the Spice protocol.
This bug was closed deferred as a result of bug triage. Please reopen if you disagree and provide justification why this bug should get enough priority. Most important would be information about impact on customer or layered product. Please indicate requested target release.