virtsecretd - libvirt secret data management daemon
The virtsecretd program is a server side daemon component of the libvirt virtualization management system.
It is one of a collection of modular daemons that replace functionality previously provided by the monolithic libvirtd daemon.
This daemon runs on virtualization hosts to provide management for secret data.
The virtsecretd daemon only listens for requests on a local Unix domain socket. Remote off-host access and backwards compatibility with legacy clients expecting libvirtd is provided by the virtproxy daemon.
Restarting virtsecretd does not interrupt running guests. Guests continue to operate and changes in their state will generally be picked up automatically during startup. None the less it is recommended to avoid restarting with running guests whenever practical.
The virtsecretd daemon is capable of starting in two modes.
In the traditional mode, it will create and listen on UNIX sockets itself.
In socket activation mode, it will rely on systemd to create and listen on the UNIX sockets and pass them as pre-opened file descriptors. In this mode most of the socket related config options in /etc/libvirt/virtsecretd.conf will no longer have any effect.
Socket activation mode is generally the default when running on a host OS that uses systemd. To revert to the traditional mode, all the socket unit files must be masked:
$ systemctl mask virtsecretd.socket virtsecretd-ro.socket \
Display command line help usage then exit.
Run as a daemon & write PID file.
-f, --config *FILE*
Use this configuration file, overriding the default value.
-p, --pid-file *FILE*
Use this name for the PID file, overriding the default value.
-t, --timeout *SECONDS*
Exit after timeout period (in seconds), provided there are neither any client connections nor any running domains.
Enable output of verbose messages.
Display version information then exit.
On receipt of SIGHUP virtsecretd will reload its configuration.
When run as root
The default configuration file used by virtsecretd, unless overridden on the command line using the -f | --config option.
The sockets virtsecretd will use.
The TLS Server private key virtsecretd will use.
The PID file to use, unless overridden by the -p | --pid-file option.
When run as non-root
The default configuration file used by virtsecretd, unless overridden on the command line using the -f``|--config`` option.
The sockets virtsecretd will use.
The PID file to use, unless overridden by the -p``|--pid-file`` option.
If $XDG_CONFIG_HOME is not set in your environment, virtsecretd will use $HOME/.config
If $XDG_RUNTIME_DIR is not set in your environment, virtsecretd will use $HOME/.cache
To retrieve the version of virtsecretd:
# virtsecretd --version virtsecretd (libvirt) 8.4.0
To start virtsecretd, instructing it to daemonize and create a PID file:
# virtsecretd -d # ls -la /run/virtsecretd.pid -rw-r--r-- 1 root root 6 Jul 9 02:40 /run/virtsecretd.pid
Please report all bugs you discover. This should be done via either:
Alternatively, you may report bugs to your software distributor / vendor.
Please refer to the AUTHORS file distributed with libvirt.
Copyright (C) 2006-2020 Red Hat, Inc., and the authors listed in the libvirt AUTHORS file.
virtsecretd is distributed under the terms of the GNU LGPL v2.1+. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE