1VIRTSECRETD(8) Virtualization Support VIRTSECRETD(8)
2
3
4
6 virtsecretd - libvirt secret data management daemon
7
9 virtsecretd [OPTION]...
10
12 The virtsecretd program is a server side daemon component of the lib‐
13 virt virtualization management system.
14
15 It is one of a collection of modular daemons that replace functionality
16 previously provided by the monolithic libvirtd daemon.
17
18 This daemon runs on virtualization hosts to provide management for se‐
19 cret data.
20
21 The virtsecretd daemon only listens for requests on a local Unix domain
22 socket. Remote access via TLS/TCP and backwards compatibility with
23 legacy clients expecting libvirtd is provided by the virtproxyd daemon.
24
25 Restarting virtsecretd does not interrupt running guests. Guests con‐
26 tinue to operate and changes in their state will generally be picked up
27 automatically during startup. None the less it is recommended to avoid
28 restarting with running guests whenever practical.
29
31 The virtsecretd daemon is capable of starting in two modes.
32
33 Socket activation mode
34 On hosts with systemd it is started in socket activation mode and it
35 will rely on systemd to create and listen on the UNIX sockets and pass
36 them as pre-opened file descriptors. In this mode most of the socket
37 related config options in /etc/libvirt/virtsecretd.conf will no longer
38 have any effect.
39
40 Traditional service mode
41 On hosts without systemd, it will create and listen on UNIX sockets it‐
42 self.
43
45 -h, --help
46
47 Display command line help usage then exit.
48
49 -d, --daemon
50
51 Run as a daemon & write PID file.
52
53 -f, --config *FILE*
54
55 Use this configuration file, overriding the default value.
56
57 -p, --pid-file *FILE*
58
59 Use this name for the PID file, overriding the default value.
60
61 -t, --timeout *SECONDS*
62
63 Exit after timeout period (in seconds), provided there are neither any
64 client connections nor any ephemeral secrets.
65
66 -v, --verbose
67
68 Enable output of verbose messages.
69
70 --version
71
72 Display version information then exit.
73
75 On receipt of SIGHUP virtsecretd will reload its configuration.
76
78 When run as root
79 • /etc/libvirt/virtsecretd.conf
80
81 The default configuration file used by virtsecretd, unless overridden
82 on the command line using the -f | --config option.
83
84 • /run/libvirt/virtsecretd-sock
85
86 • /run/libvirt/virtsecretd-sock-ro
87
88 • /run/libvirt/virtsecretd-admin-sock
89
90 The sockets virtsecretd will use.
91
92 The TLS Server private key virtsecretd will use.
93
94 • /run/virtsecretd.pid
95
96 The PID file to use, unless overridden by the -p | --pid-file option.
97
98 When run as non-root
99 • $XDG_CONFIG_HOME/libvirt/virtsecretd.conf
100
101 The default configuration file used by virtsecretd, unless overridden
102 on the command line using the -f``|--config`` option.
103
104 • $XDG_RUNTIME_DIR/libvirt/virtsecretd-sock
105
106 • $XDG_RUNTIME_DIR/libvirt/virtsecretd-admin-sock
107
108 The sockets virtsecretd will use.
109
110 • $XDG_RUNTIME_DIR/libvirt/virtsecretd.pid
111
112 The PID file to use, unless overridden by the -p``|--pid-file`` option.
113
114 If $XDG_CONFIG_HOME is not set in your environment, virtsecretd will
115 use $HOME/.config
116
117 If $XDG_RUNTIME_DIR is not set in your environment, virtsecretd will
118 use $HOME/.cache
119
121 To retrieve the version of virtsecretd:
122
123 # virtsecretd --version
124 virtsecretd (libvirt) 9.7.0
125
126 To start virtsecretd, instructing it to daemonize and create a PID
127 file:
128
129 # virtsecretd -d
130 # ls -la /run/virtsecretd.pid
131 -rw-r--r-- 1 root root 6 Jul 9 02:40 /run/virtsecretd.pid
132
134 Please report all bugs you discover. This should be done via either:
135
136 1. the mailing list
137
138 https://libvirt.org/contact.html
139
140 2. the bug tracker
141
142 https://libvirt.org/bugs.html
143
144 Alternatively, you may report bugs to your software distributor / ven‐
145 dor.
146
148 Please refer to the AUTHORS file distributed with libvirt.
149
151 Copyright (C) 2006-2020 Red Hat, Inc., and the authors listed in the
152 libvirt AUTHORS file.
153
155 virtsecretd is distributed under the terms of the GNU LGPL v2.1+. This
156 is free software; see the source for copying conditions. There is NO
157 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR‐
158 POSE
159
161 virsh(1), libvirtd(8), https://libvirt.org/daemons.html,
162 https://libvirt.org/drvsecret.html
163
164
165
166
167 VIRTSECRETD(8)