XCP-ng
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Provision Config/Secrets to XenStore from XO

    Scheduled Pinned Locked Moved Xen Orchestra
    2 Posts 2 Posters 323 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • smrqdtS Offline
      smrqdt
      last edited by smrqdt

      Is there a way to insert data into xenstore through XO when creating a VM?

      I’m interested in inserting configuration (like Fedora CoreOS Ignition) or secrets (e.g. a vault token) into a VM.

      Would xenstore be a “safe” place for secrets? It seems it is only accessible by the root user of the guest, so a good start. I assume it’s also properly isolated from other guests?

      1 Reply Last reply Reply Quote 0
      • olivierlambertO Offline
        olivierlambert Vates 🪐 Co-Founder CEO
        last edited by

        Hi,

        1. Indeed, only root user in the guest can read it
        2. Any user that can see the XAPI object will be able to read it

        So I would say it's "reasonably safe", but it all depends on your global usage context and level of confidentiality you need.

        1 Reply Last reply Reply Quote 1

        Hello! It looks like you're interested in this conversation, but you don't have an account yet.

        Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

        With your input, this post could be even better 💗

        Register Login
        • First post
          Last post