Secure private keys
#4613
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
Hi, sorry to use this method to ask about the program but i didnt find other way to contact people with deep knowledge about lemur either through irc, slack or discord.
My desired is try to keep ca and subca ( and if possible certs ) private keys unable to get retrieve in case of a unprivileged or intrusion access, as far i understand reading the docs the variable LEMUR_ENCRYPTION_KEYS is used to generated the private key stored encrypted into the database, and there is a comment over the setting at lemur/lemur.conf.py that said;
You should consider storing these separately from your config
LEMUR_ENCRYPTION_KEYS = "........"
Thats mean this info live outside the server ?, how can i achieve that ?
I've also tried the option;
lock
Encrypts sensitive key material - this is most useful for storing encrypted secrets in source code.
But using lemur lock only encrypted that is at dir /home/lemur/.lemur/keys/decrypted/ , what susposed it should be into it ?
Thanks in advance for any lead.
Beta Was this translation helpful? Give feedback.
All reactions