Tighten local FS permissions around CA private key

pimterry · pimterry · commit 80035cb9a4a8 · 2024-06-21T17:20:12.000+02:00
This isn't an impactful issue, since user profile dir permissions will
generally block access anyway, but it's good practice to keep this
limited where possible (and good defense-in-depth generally)
diff --git a/src/index.ts b/src/index.ts
@@ -56,7 +56,9 @@ async function generateHTTPSConfig(configPath: string) {
 
         return Promise.all([
             writeFile(certPath, newCertPair.cert).then(() => newCertPair.cert),
-            writeFile(keyPath, newCertPair.key)
+            writeFile(keyPath, newCertPair.key, {
+                mode: 0o600 // Only readable for ourselves, nobody else
+            })
         ]);
     });
 
