Encrypted pem config file mods #272
Draft
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The use case would be an instance where a TLS certificate is encrypted with a password to further protect it from misuse. Current state go between does not handle this functionality that I can see and there is no parameter in the configuration for a password. 1. we need to add a add a cert_pass parameter to the config type to place a plain text password 2. reference the cert_pass parameter from the config in the MakeBackendTLSConfig and map to the password field where required by decryptPEMBlock()
These will be used to reference the password file or password string used to decrypt as password protected certificate keyfile
fixing a typo for the key_pass_path and key_pass in the Tls Struct
my travis build failed. will work on this later
Author
|
@yyyar I believe this PR for the config file modifications is probably ready for review. |
Author
|
@yyyar I will start working on the logic for the tls.go package this weekend |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the key values to the Tls and backed Tls structs to decrypt encrypted certificate keyfiles. I will add the logic to the tls.go file in a future pull request.