From 25fa7a191782eaa7995ec28e415cff9af8719254 Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <smirnov.andrey@gmail.com>
Date: Tue, 27 Apr 2021 00:03:25 +0300
Subject: [PATCH] chore: remove security API ReadFile/WriteFile

This seems to be unused completely, and they look scary enough at the
same time.

For better readability and to avoid any pitfalls, better to remove them.

Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
(cherry picked from commit c3a4173e11a92c2bc51ea4f284ad38c9750105d2)
---
 api/security/security.proto                   |  22 --
 internal/app/trustd/internal/reg/reg.go       |  36 --
 pkg/machinery/api/security/security.pb.go     | 313 ++----------------
 .../api/security/security_grpc.pb.go          |  74 -----
 website/content/docs/v0.10/Reference/api.md   |  63 ----
 5 files changed, 19 insertions(+), 489 deletions(-)

diff --git a/api/security/security.proto b/api/security/security.proto
index 5fce81aa76..2cd4f28a2b 100644
--- a/api/security/security.proto
+++ b/api/security/security.proto
@@ -10,8 +10,6 @@ option java_package = "com.security.api";
 // The security service definition.
 service SecurityService {
   rpc Certificate(CertificateRequest) returns (CertificateResponse);
-  rpc ReadFile(ReadFileRequest) returns (ReadFileResponse);
-  rpc WriteFile(WriteFileRequest) returns (WriteFileResponse);
 }
 
 // The request message containing the process name.
@@ -24,23 +22,3 @@ message CertificateResponse {
   bytes ca = 1;
   bytes crt = 2;
 }
-
-// The request message for reading a file on disk.
-message ReadFileRequest {
-  string path = 1;
-}
-
-// The response message for reading a file on disk.
-message ReadFileResponse {
-  bytes data = 1;
-}
-
-// The request message containing the process name.
-message WriteFileRequest {
-  string path = 1;
-  bytes data = 2;
-  int32 perm = 3;
-}
-
-// The response message containing the requested logs.
-message WriteFileResponse {}
diff --git a/internal/app/trustd/internal/reg/reg.go b/internal/app/trustd/internal/reg/reg.go
index d244c37987..27aa20a6de 100644
--- a/internal/app/trustd/internal/reg/reg.go
+++ b/internal/app/trustd/internal/reg/reg.go
@@ -6,10 +6,6 @@ package reg
 
 import (
 	"context"
-	"io/ioutil"
-	"log"
-	"os"
-	"path"
 
 	"github.com/talos-systems/crypto/x509"
 	"google.golang.org/grpc"
@@ -49,35 +45,3 @@ func (r *Registrator) Certificate(ctx context.Context, in *securityapi.Certifica
 
 	return resp, nil
 }
-
-// ReadFile implements the securityapi.SecurityServer interface.
-func (r *Registrator) ReadFile(ctx context.Context, in *securityapi.ReadFileRequest) (resp *securityapi.ReadFileResponse, err error) {
-	var b []byte
-
-	if b, err = ioutil.ReadFile(in.Path); err != nil {
-		return nil, err
-	}
-
-	log.Printf("read file on disk: %s", in.Path)
-
-	resp = &securityapi.ReadFileResponse{Data: b}
-
-	return resp, nil
-}
-
-// WriteFile implements the securityapi.SecurityServer interface.
-func (r *Registrator) WriteFile(ctx context.Context, in *securityapi.WriteFileRequest) (resp *securityapi.WriteFileResponse, err error) {
-	if err = os.MkdirAll(path.Dir(in.Path), os.ModeDir); err != nil {
-		return
-	}
-
-	if err = ioutil.WriteFile(in.Path, in.Data, os.FileMode(in.Perm)); err != nil {
-		return
-	}
-
-	log.Printf("wrote file to disk: %s", in.Path)
-
-	resp = &securityapi.WriteFileResponse{}
-
-	return resp, nil
-}
diff --git a/pkg/machinery/api/security/security.pb.go b/pkg/machinery/api/security/security.pb.go
index aa37897e75..2e6fca33d5 100644
--- a/pkg/machinery/api/security/security.pb.go
+++ b/pkg/machinery/api/security/security.pb.go
@@ -125,205 +125,6 @@ func (x *CertificateResponse) GetCrt() []byte {
 	return nil
 }
 
-// The request message for reading a file on disk.
-type ReadFileRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-}
-
-func (x *ReadFileRequest) Reset() {
-	*x = ReadFileRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_security_security_proto_msgTypes[2]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ReadFileRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ReadFileRequest) ProtoMessage() {}
-
-func (x *ReadFileRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_security_security_proto_msgTypes[2]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ReadFileRequest.ProtoReflect.Descriptor instead.
-func (*ReadFileRequest) Descriptor() ([]byte, []int) {
-	return file_security_security_proto_rawDescGZIP(), []int{2}
-}
-
-func (x *ReadFileRequest) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-// The response message for reading a file on disk.
-type ReadFileResponse struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Data []byte `protobuf:"bytes,1,opt,name=data,proto3" json:"data,omitempty"`
-}
-
-func (x *ReadFileResponse) Reset() {
-	*x = ReadFileResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_security_security_proto_msgTypes[3]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *ReadFileResponse) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*ReadFileResponse) ProtoMessage() {}
-
-func (x *ReadFileResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_security_security_proto_msgTypes[3]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use ReadFileResponse.ProtoReflect.Descriptor instead.
-func (*ReadFileResponse) Descriptor() ([]byte, []int) {
-	return file_security_security_proto_rawDescGZIP(), []int{3}
-}
-
-func (x *ReadFileResponse) GetData() []byte {
-	if x != nil {
-		return x.Data
-	}
-	return nil
-}
-
-// The request message containing the process name.
-type WriteFileRequest struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-
-	Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"`
-	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
-	Perm int32  `protobuf:"varint,3,opt,name=perm,proto3" json:"perm,omitempty"`
-}
-
-func (x *WriteFileRequest) Reset() {
-	*x = WriteFileRequest{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_security_security_proto_msgTypes[4]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *WriteFileRequest) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*WriteFileRequest) ProtoMessage() {}
-
-func (x *WriteFileRequest) ProtoReflect() protoreflect.Message {
-	mi := &file_security_security_proto_msgTypes[4]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use WriteFileRequest.ProtoReflect.Descriptor instead.
-func (*WriteFileRequest) Descriptor() ([]byte, []int) {
-	return file_security_security_proto_rawDescGZIP(), []int{4}
-}
-
-func (x *WriteFileRequest) GetPath() string {
-	if x != nil {
-		return x.Path
-	}
-	return ""
-}
-
-func (x *WriteFileRequest) GetData() []byte {
-	if x != nil {
-		return x.Data
-	}
-	return nil
-}
-
-func (x *WriteFileRequest) GetPerm() int32 {
-	if x != nil {
-		return x.Perm
-	}
-	return 0
-}
-
-// The response message containing the requested logs.
-type WriteFileResponse struct {
-	state         protoimpl.MessageState
-	sizeCache     protoimpl.SizeCache
-	unknownFields protoimpl.UnknownFields
-}
-
-func (x *WriteFileResponse) Reset() {
-	*x = WriteFileResponse{}
-	if protoimpl.UnsafeEnabled {
-		mi := &file_security_security_proto_msgTypes[5]
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		ms.StoreMessageInfo(mi)
-	}
-}
-
-func (x *WriteFileResponse) String() string {
-	return protoimpl.X.MessageStringOf(x)
-}
-
-func (*WriteFileResponse) ProtoMessage() {}
-
-func (x *WriteFileResponse) ProtoReflect() protoreflect.Message {
-	mi := &file_security_security_proto_msgTypes[5]
-	if protoimpl.UnsafeEnabled && x != nil {
-		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
-		if ms.LoadMessageInfo() == nil {
-			ms.StoreMessageInfo(mi)
-		}
-		return ms
-	}
-	return mi.MessageOf(x)
-}
-
-// Deprecated: Use WriteFileResponse.ProtoReflect.Descriptor instead.
-func (*WriteFileResponse) Descriptor() ([]byte, []int) {
-	return file_security_security_proto_rawDescGZIP(), []int{5}
-}
-
 var File_security_security_proto protoreflect.FileDescriptor
 
 var file_security_security_proto_rawDesc = []byte{
@@ -335,40 +136,20 @@ var file_security_security_proto_rawDesc = []byte{
 	0x0a, 0x13, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73,
 	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x63, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x0c, 0x52, 0x02, 0x63, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x0c, 0x52, 0x03, 0x63, 0x72, 0x74, 0x22, 0x25, 0x0a, 0x0f, 0x52, 0x65, 0x61, 0x64, 0x46,
-	0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61,
-	0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x22, 0x26,
-	0x0a, 0x10, 0x52, 0x65, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c,
-	0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x22, 0x4e, 0x0a, 0x10, 0x57, 0x72, 0x69, 0x74, 0x65, 0x46,
-	0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61,
-	0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12,
-	0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61,
-	0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, 0x72, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05,
-	0x52, 0x04, 0x70, 0x65, 0x72, 0x6d, 0x22, 0x13, 0x0a, 0x11, 0x57, 0x72, 0x69, 0x74, 0x65, 0x46,
-	0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xf8, 0x01, 0x0a, 0x0f,
-	0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12,
-	0x50, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f,
-	0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x65, 0x72,
-	0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x20, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x65, 0x12, 0x47, 0x0a, 0x08, 0x52, 0x65, 0x61, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1c, 0x2e,
-	0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x61, 0x64,
-	0x46, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x73, 0x65,
-	0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x46, 0x69,
-	0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4a, 0x0a, 0x09, 0x57, 0x72,
-	0x69, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69,
-	0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52,
-	0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74,
-	0x79, 0x61, 0x70, 0x69, 0x2e, 0x57, 0x72, 0x69, 0x74, 0x65, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x65,
-	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5c, 0x0a, 0x10, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x65,
-	0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0b, 0x53, 0x65, 0x63, 0x75,
-	0x72, 0x69, 0x74, 0x79, 0x41, 0x70, 0x69, 0x50, 0x01, 0x5a, 0x39, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2d, 0x73, 0x79, 0x73, 0x74,
-	0x65, 0x6d, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61,
-	0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x63, 0x75,
-	0x72, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x28, 0x0c, 0x52, 0x03, 0x63, 0x72, 0x74, 0x32, 0x63, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72,
+	0x69, 0x74, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x43, 0x65,
+	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x2e, 0x73, 0x65, 0x63, 0x75,
+	0x72, 0x69, 0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
+	0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x73, 0x65, 0x63,
+	0x75, 0x72, 0x69, 0x74, 0x79, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5c, 0x0a, 0x10,
+	0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x61, 0x70, 0x69,
+	0x42, 0x0b, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x41, 0x70, 0x69, 0x50, 0x01, 0x5a,
+	0x39, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x74, 0x61, 0x6c, 0x6f,
+	0x73, 0x2d, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f,
+	0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70,
+	0x69, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x33,
 }
 
 var (
@@ -384,26 +165,18 @@ func file_security_security_proto_rawDescGZIP() []byte {
 }
 
 var (
-	file_security_security_proto_msgTypes = make([]protoimpl.MessageInfo, 6)
+	file_security_security_proto_msgTypes = make([]protoimpl.MessageInfo, 2)
 	file_security_security_proto_goTypes  = []interface{}{
 		(*CertificateRequest)(nil),  // 0: securityapi.CertificateRequest
 		(*CertificateResponse)(nil), // 1: securityapi.CertificateResponse
-		(*ReadFileRequest)(nil),     // 2: securityapi.ReadFileRequest
-		(*ReadFileResponse)(nil),    // 3: securityapi.ReadFileResponse
-		(*WriteFileRequest)(nil),    // 4: securityapi.WriteFileRequest
-		(*WriteFileResponse)(nil),   // 5: securityapi.WriteFileResponse
 	}
 )
 
 var file_security_security_proto_depIdxs = []int32{
 	0, // 0: securityapi.SecurityService.Certificate:input_type -> securityapi.CertificateRequest
-	2, // 1: securityapi.SecurityService.ReadFile:input_type -> securityapi.ReadFileRequest
-	4, // 2: securityapi.SecurityService.WriteFile:input_type -> securityapi.WriteFileRequest
-	1, // 3: securityapi.SecurityService.Certificate:output_type -> securityapi.CertificateResponse
-	3, // 4: securityapi.SecurityService.ReadFile:output_type -> securityapi.ReadFileResponse
-	5, // 5: securityapi.SecurityService.WriteFile:output_type -> securityapi.WriteFileResponse
-	3, // [3:6] is the sub-list for method output_type
-	0, // [0:3] is the sub-list for method input_type
+	1, // 1: securityapi.SecurityService.Certificate:output_type -> securityapi.CertificateResponse
+	1, // [1:2] is the sub-list for method output_type
+	0, // [0:1] is the sub-list for method input_type
 	0, // [0:0] is the sub-list for extension type_name
 	0, // [0:0] is the sub-list for extension extendee
 	0, // [0:0] is the sub-list for field type_name
@@ -439,54 +212,6 @@ func file_security_security_proto_init() {
 				return nil
 			}
 		}
-		file_security_security_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReadFileRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_security_security_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*ReadFileResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_security_security_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WriteFileRequest); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
-		file_security_security_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
-			switch v := v.(*WriteFileResponse); i {
-			case 0:
-				return &v.state
-			case 1:
-				return &v.sizeCache
-			case 2:
-				return &v.unknownFields
-			default:
-				return nil
-			}
-		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -494,7 +219,7 @@ func file_security_security_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_security_security_proto_rawDesc,
 			NumEnums:      0,
-			NumMessages:   6,
+			NumMessages:   2,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/pkg/machinery/api/security/security_grpc.pb.go b/pkg/machinery/api/security/security_grpc.pb.go
index c8a6058d5e..10d68122d7 100644
--- a/pkg/machinery/api/security/security_grpc.pb.go
+++ b/pkg/machinery/api/security/security_grpc.pb.go
@@ -20,8 +20,6 @@ const _ = grpc.SupportPackageIsVersion7
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
 type SecurityServiceClient interface {
 	Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error)
-	ReadFile(ctx context.Context, in *ReadFileRequest, opts ...grpc.CallOption) (*ReadFileResponse, error)
-	WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error)
 }
 
 type securityServiceClient struct {
@@ -41,31 +39,11 @@ func (c *securityServiceClient) Certificate(ctx context.Context, in *Certificate
 	return out, nil
 }
 
-func (c *securityServiceClient) ReadFile(ctx context.Context, in *ReadFileRequest, opts ...grpc.CallOption) (*ReadFileResponse, error) {
-	out := new(ReadFileResponse)
-	err := c.cc.Invoke(ctx, "/securityapi.SecurityService/ReadFile", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
-func (c *securityServiceClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) {
-	out := new(WriteFileResponse)
-	err := c.cc.Invoke(ctx, "/securityapi.SecurityService/WriteFile", in, out, opts...)
-	if err != nil {
-		return nil, err
-	}
-	return out, nil
-}
-
 // SecurityServiceServer is the server API for SecurityService service.
 // All implementations must embed UnimplementedSecurityServiceServer
 // for forward compatibility
 type SecurityServiceServer interface {
 	Certificate(context.Context, *CertificateRequest) (*CertificateResponse, error)
-	ReadFile(context.Context, *ReadFileRequest) (*ReadFileResponse, error)
-	WriteFile(context.Context, *WriteFileRequest) (*WriteFileResponse, error)
 	mustEmbedUnimplementedSecurityServiceServer()
 }
 
@@ -75,14 +53,6 @@ type UnimplementedSecurityServiceServer struct{}
 func (UnimplementedSecurityServiceServer) Certificate(context.Context, *CertificateRequest) (*CertificateResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Certificate not implemented")
 }
-
-func (UnimplementedSecurityServiceServer) ReadFile(context.Context, *ReadFileRequest) (*ReadFileResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method ReadFile not implemented")
-}
-
-func (UnimplementedSecurityServiceServer) WriteFile(context.Context, *WriteFileRequest) (*WriteFileResponse, error) {
-	return nil, status.Errorf(codes.Unimplemented, "method WriteFile not implemented")
-}
 func (UnimplementedSecurityServiceServer) mustEmbedUnimplementedSecurityServiceServer() {}
 
 // UnsafeSecurityServiceServer may be embedded to opt out of forward compatibility for this service.
@@ -114,42 +84,6 @@ func _SecurityService_Certificate_Handler(srv interface{}, ctx context.Context,
 	return interceptor(ctx, in, info, handler)
 }
 
-func _SecurityService_ReadFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(ReadFileRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(SecurityServiceServer).ReadFile(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/securityapi.SecurityService/ReadFile",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(SecurityServiceServer).ReadFile(ctx, req.(*ReadFileRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
-func _SecurityService_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
-	in := new(WriteFileRequest)
-	if err := dec(in); err != nil {
-		return nil, err
-	}
-	if interceptor == nil {
-		return srv.(SecurityServiceServer).WriteFile(ctx, in)
-	}
-	info := &grpc.UnaryServerInfo{
-		Server:     srv,
-		FullMethod: "/securityapi.SecurityService/WriteFile",
-	}
-	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(SecurityServiceServer).WriteFile(ctx, req.(*WriteFileRequest))
-	}
-	return interceptor(ctx, in, info, handler)
-}
-
 // SecurityService_ServiceDesc is the grpc.ServiceDesc for SecurityService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -161,14 +95,6 @@ var SecurityService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "Certificate",
 			Handler:    _SecurityService_Certificate_Handler,
 		},
-		{
-			MethodName: "ReadFile",
-			Handler:    _SecurityService_ReadFile_Handler,
-		},
-		{
-			MethodName: "WriteFile",
-			Handler:    _SecurityService_WriteFile_Handler,
-		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "security/security.proto",
diff --git a/website/content/docs/v0.10/Reference/api.md b/website/content/docs/v0.10/Reference/api.md
index 8c8ba2cf11..36a090aadc 100644
--- a/website/content/docs/v0.10/Reference/api.md
+++ b/website/content/docs/v0.10/Reference/api.md
@@ -211,10 +211,6 @@ description: Talos gRPC API reference.
 - [security/security.proto](#security/security.proto)
     - [CertificateRequest](#securityapi.CertificateRequest)
     - [CertificateResponse](#securityapi.CertificateResponse)
-    - [ReadFileRequest](#securityapi.ReadFileRequest)
-    - [ReadFileResponse](#securityapi.ReadFileResponse)
-    - [WriteFileRequest](#securityapi.WriteFileRequest)
-    - [WriteFileResponse](#securityapi.WriteFileResponse)
   
     - [SecurityService](#securityapi.SecurityService)
   
@@ -3386,63 +3382,6 @@ The response message containing the requested logs.
 
 
 
-
-<a name="securityapi.ReadFileRequest"></a>
-
-### ReadFileRequest
-The request message for reading a file on disk.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| path | [string](#string) |  |  |
-
-
-
-
-
-
-<a name="securityapi.ReadFileResponse"></a>
-
-### ReadFileResponse
-The response message for reading a file on disk.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| data | [bytes](#bytes) |  |  |
-
-
-
-
-
-
-<a name="securityapi.WriteFileRequest"></a>
-
-### WriteFileRequest
-The request message containing the process name.
-
-
-| Field | Type | Label | Description |
-| ----- | ---- | ----- | ----------- |
-| path | [string](#string) |  |  |
-| data | [bytes](#bytes) |  |  |
-| perm | [int32](#int32) |  |  |
-
-
-
-
-
-
-<a name="securityapi.WriteFileResponse"></a>
-
-### WriteFileResponse
-The response message containing the requested logs.
-
-
-
-
-
  <!-- end messages -->
 
  <!-- end enums -->
@@ -3458,8 +3397,6 @@ The security service definition.
 | Method Name | Request Type | Response Type | Description |
 | ----------- | ------------ | ------------- | ------------|
 | Certificate | [CertificateRequest](#securityapi.CertificateRequest) | [CertificateResponse](#securityapi.CertificateResponse) |  |
-| ReadFile | [ReadFileRequest](#securityapi.ReadFileRequest) | [ReadFileResponse](#securityapi.ReadFileResponse) |  |
-| WriteFile | [WriteFileRequest](#securityapi.WriteFileRequest) | [WriteFileResponse](#securityapi.WriteFileResponse) |  |
 
  <!-- end services -->