virt-who-password prompts for password and writes encrypted entered password to the standard output.
This utility must be executed as root, because the encryption key is written into file that is only readable by root. Note that root can decrypt the password.
Encryption key is written into file /var/lib/virt-who/key, make sure that this file is only readable and writable by root.
Radek Novacek <rnovacek at redhat dot com>