How can the SPICE password of a libvirt+kvm+qemu virtual machine be changed while the machine is running?

I have a virtual machine that is running on a KVM+QEMU stack with libvirt. The VM is using a qxl or virtio display and has a spice graphics listening on a port.

I'd like to change the password (in SPICE they call it "ticket") used to access that machine from virt-manager or remote-viewer while the machine is running. The old password should be invalidated immediately and new SPICE connections should only be possible with the new password.

In order to be able to change the SPICE access password without a stop/start of the VM, the VM must already be equipped with a password. SPICE passwords cannot be added/removed without a restart.

Under this prerequis, we have two options to achieve this:

A: solution with virt-xml

Use the command virt-xml [-c qemu+ssh://host/system] name-of-the-vm --edit all --graphics password=verys3cr3t --update

B: solution with virsh

1. virsh [-c qemu+ssh://host/system] dumpxml --security-info name-of-the-vm > output.xml
2. look for the block <graphics type='spice' port='5900' autoport='no' listen='0.0.0.0' passwd='testpass'>...</graphics> and isolate it, throw the rest away, save the graphics XML block under graphics.xml
3. Change the passwd attribute to the new desired password
4. virsh [-c qemu+ssh://host/system] update-device name-of-the-vm graphics.xml