1VIRTSECRETD(8)              Virtualization Support              VIRTSECRETD(8)
2
3
4

NAME

6       virtsecretd - libvirt secret data management daemon
7

SYNOPSIS

9       virtsecretd [OPTION]...
10

DESCRIPTION

12       The  virtsecretd  program is a server side daemon component of the lib‐
13       virt virtualization management system.
14
15       It is one of a collection of modular daemons that replace functionality
16       previously provided by the monolithic libvirtd daemon.
17
18       This  daemon runs on virtualization hosts to provide management for se‐
19       cret data.
20
21       The virtsecretd daemon only listens for requests on a local Unix domain
22       socket.  Remote  access  via  TLS/TCP  and backwards compatibility with
23       legacy clients expecting libvirtd is provided by the virtproxyd daemon.
24
25       Restarting virtsecretd does not interrupt running guests.  Guests  con‐
26       tinue to operate and changes in their state will generally be picked up
27       automatically during startup. None the less it is recommended to  avoid
28       restarting with running guests whenever practical.
29

DAEMON STARTUP MODES

31       The virtsecretd daemon is capable of starting in two modes.
32
33   Socket activation mode
34       On  hosts  with  systemd it is started in socket activation mode and it
35       will rely on systemd to create and listen on the UNIX sockets and  pass
36       them  as  pre-opened  file descriptors. In this mode most of the socket
37       related config options in /etc/libvirt/virtsecretd.conf will no  longer
38       have any effect.
39
40   Traditional service mode
41       On hosts without systemd, it will create and listen on UNIX sockets it‐
42       self.
43

OPTIONS

45       -h, --help
46
47       Display command line help usage then exit.
48
49       -d, --daemon
50
51       Run as a daemon & write PID file.
52
53       -f, --config *FILE*
54
55       Use this configuration file, overriding the default value.
56
57       -p, --pid-file *FILE*
58
59       Use this name for the PID file, overriding the default value.
60
61       -t, --timeout *SECONDS*
62
63       Exit after timeout period (in seconds), provided there are neither  any
64       client connections nor any ephemeral secrets.
65
66       -v, --verbose
67
68       Enable output of verbose messages.
69
70       --version
71
72       Display version information then exit.
73

SIGNALS

75       On receipt of SIGHUP virtsecretd will reload its configuration.
76

FILES

78   When run as root
79       • /etc/libvirt/virtsecretd.conf
80
81       The  default  configuration file used by virtsecretd, unless overridden
82       on the command line using the -f | --config option.
83
84       • /run/libvirt/virtsecretd-sock
85
86       • /run/libvirt/virtsecretd-sock-ro
87
88       • /run/libvirt/virtsecretd-admin-sock
89
90       The sockets virtsecretd will use.
91
92       The TLS Server private key virtsecretd will use.
93
94       • /run/virtsecretd.pid
95
96       The PID file to use, unless overridden by the -p | --pid-file option.
97
98   When run as non-root
99       • $XDG_CONFIG_HOME/libvirt/virtsecretd.conf
100
101       The default configuration file used by virtsecretd,  unless  overridden
102       on the command line using the -f``|--config`` option.
103
104       • $XDG_RUNTIME_DIR/libvirt/virtsecretd-sock
105
106       • $XDG_RUNTIME_DIR/libvirt/virtsecretd-admin-sock
107
108       The sockets virtsecretd will use.
109
110       • $XDG_RUNTIME_DIR/libvirt/virtsecretd.pid
111
112       The PID file to use, unless overridden by the -p``|--pid-file`` option.
113
114       If  $XDG_CONFIG_HOME  is  not set in your environment, virtsecretd will
115       use $HOME/.config
116
117       If $XDG_RUNTIME_DIR is not set in your  environment,  virtsecretd  will
118       use $HOME/.cache
119

EXAMPLES

121       To retrieve the version of virtsecretd:
122
123          # virtsecretd --version
124          virtsecretd (libvirt) 9.7.0
125
126       To  start  virtsecretd,  instructing  it  to daemonize and create a PID
127       file:
128
129          # virtsecretd -d
130          # ls -la /run/virtsecretd.pid
131          -rw-r--r-- 1 root root 6 Jul  9 02:40 /run/virtsecretd.pid
132

BUGS

134       Please report all bugs you discover.  This should be done via either:
135
136       1. the mailing list
137
138          https://libvirt.org/contact.html
139
140       2. the bug tracker
141
142          https://libvirt.org/bugs.html
143
144       Alternatively, you may report bugs to your software distributor /  ven‐
145       dor.
146

AUTHORS

148       Please refer to the AUTHORS file distributed with libvirt.
149

COPYRIGHT

151       Copyright  (C)  2006-2020  Red Hat, Inc., and the authors listed in the
152       libvirt AUTHORS file.
153

LICENSE

155       virtsecretd is distributed under the terms of the GNU LGPL v2.1+.  This
156       is  free  software;  see the source for copying conditions. There is NO
157       warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PUR‐
158       POSE
159

SEE ALSO

161       virsh(1),         libvirtd(8),        https://libvirt.org/daemons.html,
162       https://libvirt.org/drvsecret.html
163
164
165
166
167                                                                VIRTSECRETD(8)