yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cli: don't generate a sops key that is world readable

Browse Source 
Fixes https://git.clan.lol/clan/clan-core/issues/3808
This commit is contained in:
Michael Hoang
2025-06-06 12:14:19 +10:00
parent fbdf750694
commit 4b26108b3d
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
pkgs/clan-cli/clan_cli/secrets/sops.py
View File

@@ -352,6 +352,7 @@ def generate_private_key(out_file: Path | None = None) -> tuple[str, str]:
raise ClanError(msg) raise ClanError(msg)
if out_file: if out_file:
out_file.parent.mkdir(parents=True, exist_ok=True) out_file.parent.mkdir(parents=True, exist_ok=True)
out_file.touch(mode=0o600)
out_file.write_text(res) out_file.write_text(res)
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
msg = "Failed to generate private sops key" msg = "Failed to generate private sops key"