Merge "Make generated private key files not world readable"

2018-05-10 15:43:17 +00:00 · 2018-05-10 15:43:17 +00:00 · 62237489f0
commit 62237489f0
parent 9bbdb71ada 3991ebcd79
1 changed files with 8 additions and 0 deletions
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@ -22,6 +22,13 @@
  with_items:
    - "{{ node_config_directory }}/certificates/private/haproxy.key"

+- name: Setting permissions on key
+  become: true
+  file:
+    path: "{{ node_config_directory }}/certificates/private/haproxy.key"
+    mode: 0600
+    state: file
+
 - name: Creating Server Certificate
  become: true
  command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
@ -45,3 +52,4 @@
  assemble:
    src: "{{ node_config_directory }}/certificates/private"
    dest: "{{ node_config_directory }}/certificates/haproxy.pem"
+    mode: 0600