On 19/10/2015 17:24, Daniel P. Berrange wrote: > JSON doesn't accept arbitrary 8-bit binary data, so the alternative > 'base64' is effectively providing binary data facility. Having to > use base64 for plain passwords is rather tedious though, so allowing > utf8 is a much more developer friendly approach for people using QEMU > without a mgmt tool like libvirt. > > NB, this dual-format utf8-or-base64 approach matches the approach used > in QEMU guest agent for the guest-file-read/write commands for the same > reason.
The difference is that guest-file-read/write have the payload in JSON; for file-based secrets the payload is not JSON. So I think that "binary" (which is the default anyway) would fit all the usecases (direct over JSON, file-based, direct over command line). Direct over JSON would be limited to valid UTF-8, but that's just a limitation of the transport. Paolo