update: encrypt private key in create phase if PASSPHRASE env var is …

…present
gunet · Feb 9, 2024 · 079115f · 079115f
1 parent 9aee346
commit 079115f
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/scripts/create.sh b/scripts/create.sh
@@ -20,6 +20,11 @@ if [[ $# -gt 0 && $1 == "create" ]]; then
     else
         openssl req -new -newkey rsa:4096 -nodes -keyout certs/privkey.pem -out certs/server.csr -config server.cnf -batch
     fi
+    if [[ -v PASSPHRASE ]]; then
+        echo "PASSPHRASE env var present. Encrypting private key and deleting plain-text private key"
+        openssl rsa -aes256 -passout env:PASSPHRASE -in certs/privkey.pem -out certs/privkey.key
+        rm certs/privkey.pem
+    fi
     exit 0
 fi
 if [[ $# -gt 0 && $1 == "print" ]]; then