ssl_pkey file permissions should default to 0600 and should be changeable #95

Closed
kasimon opened this issue Oct 24, 2017 · 3 comments

kasimon commented Oct 24, 2017

As of v1.10.0,

ssl_pkey { '/path/to/private.key':
  ensure => 'present',
}

creates a private key file with 0644 permissions. Given the security-critical role of private keys, this should default to 0600 and be changeable with the usual user, group and mode options.


kasimon commented Oct 24, 2017

As I just recognized, you can use a file resource to accomplish this:

  $private_key = '/path/to/private.key'
  ssl_pkey { $private_key:
    ensure => 'present',
  }
  file { $private_key:
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
  }

Probably this should be added to the documentation.
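
An added example, not part of the original thread or of the puppet-openssl module: a check that can run after a Puppet run to confirm the key files really ended up owner-only, as the workaround above intends. The function names `audit_private_key` and `audit_many` are hypothetical, and root ownership (uid 0) is assumed as the default because the `file` resource above sets `owner => 'root'`.

```python
import os
import stat
import sys


def audit_private_key(path, expected_uid=0):
    """Return a list of findings for one key file; an empty list means it passed."""
    try:
        # lstat so a symlink is reported as such instead of being followed
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Any bit in 0o077 means group or other can read, write or execute the key
    if mode & 0o077:
        findings.append(f"mode {mode:04o} grants group/other access")
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    return findings


def audit_many(paths, expected_uid=0):
    """Map each failing path to its findings; passing paths are omitted."""
    failures = {}
    for path in paths:
        findings = audit_private_key(path, expected_uid)
        if findings:
            failures[path] = findings
    return failures


if __name__ == "__main__":
    # Usage: pass the key paths as arguments; exit status 1 if any check fails
    bad = audit_many(sys.argv[1:])
    for path, findings in bad.items():
        print(f"{path}: {'; '.join(findings)}")
    sys.exit(1 if bad else 0)
```

A key left at the 0644 default described in this issue is reported with the finding `mode 0644 grants group/other access`.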


raphink commented Nov 29, 2017

I'd definitely welcome a PR against the README for that.

trefzer added a commit to cirrax/puppet-openssl that referenced this issue Dec 6, 2020
This partly implements Issue voxpupuli#95 (missing is default)
trefzer added a commit to cirrax/puppet-openssl that referenced this issue Dec 15, 2020
This partly implements Issue voxpupuli#95 (missing is default)
stale bot commented Apr 19, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Apr 19, 2021
@stale stale bot closed this as completed Apr 27, 2021
trefzer added a commit to cirrax/puppet-openssl that referenced this issue Jul 5, 2021
This partly implements Issue voxpupuli#95 (missing is default)
trefzer added a commit to cirrax/puppet-openssl that referenced this issue Apr 10, 2022
This partly implements Issue voxpupuli#95 (missing is default)
trefzer added a commit to cirrax/puppet-openssl that referenced this issue Feb 27, 2023
This partly implements Issue voxpupuli#95 (missing is default)