  1. CFEngine Community
  2. CFE-3875

cf-secret should try to use the executing user's private key


    Details

    • Type: Bug
    • Status: Need more Info
    • Priority: (None)
    • Resolution: Unresolved
    • Affects Version/s: 3.19.0
    • Fix Version/s: None
    • Component/s: cf-secret
    • Labels:
      None

      Description

      When executing as a non-root user, I think that cf-secret should try to use the user's private key by default for decryption instead of the system private key, which is likely inaccessible.

      ❯ whoami
      nickanderson
      
      ❯ cf-secret decrypt /tmp/vault.token --output -
         error: Could not open private key '/var/cfengine/ppkeys/localhost.priv'
         error: Failed to initialize decryption context
      
      ❯ sudo ls -al /var/cfengine/ppkeys
      [sudo] password for nickanderson: 
      total 16
      drwx------  2 root root 4096 Sep  7 10:09 .
      drwxr-xr-x 13 root root 4096 Nov  5 15:16 ..
      -rw-------  1 root root 1675 Sep  7 10:09 localhost.priv
      -rw-------  1 root root  426 Sep  7 10:09 localhost.pub
      
      ❯ cf-secret decrypt --key ~/.cfagent/ppkeys/localhost.priv --output - /tmp/vault.token.cfsecret
      s.bzDmuSuSYHPpJd75QTiVWBfD
      

            People

            Assignee:
            olehermanse Ole Herman Schumacher Elgesem
            Reporter:
            a10042 Nick Anderson
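
A shell wrapper that applies the behaviour requested in this issue, as an added example that is not CFEngine's code or the reporter's: it falls back from the system key to the per-user key shown in the report and skips any key file that group or others can access. The selection order, the permission check and the function names are assumptions; the two paths and the `--key` / `--output -` options are the ones shown in the report.

```shell
#!/bin/sh
# Added example, not part of CFEngine. Key locations are the two paths from
# the report; both can be overridden through the environment.
SYSTEM_KEY="${SYSTEM_KEY:-/var/cfengine/ppkeys/localhost.priv}"
USER_KEY="${USER_KEY:-$HOME/.cfagent/ppkeys/localhost.priv}"

# Print the first private key the current user can read. A key whose mode
# grants anything to group or others is skipped, since a private key that
# other accounts can read or replace should not be trusted for decryption.
# (Assumed policy: system key first, then the per-user key.)
pick_private_key() {
    for key in "$SYSTEM_KEY" "$USER_KEY"; do
        [ -f "$key" ] && [ -r "$key" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld -- "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "skipping $key: group/other permissions set ($perms)" >&2
            continue
        fi
        printf '%s\n' "$key"
        return 0
    done
    echo "no usable private key found" >&2
    return 1
}

# Decrypt a cf-secret file to stdout with the selected key, using the same
# invocation as the working command in the report.
cf_secret_decrypt() {
    key=$(pick_private_key) || return 1
    cf-secret decrypt --key "$key" --output - "$1"
}
```

Run as root, `cf_secret_decrypt /tmp/vault.token.cfsecret` uses the system key; run as an unprivileged user, it uses the key under `~/.cfagent/ppkeys`.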