From 079115f896b9df2e8977f23f37f37c5cb7c6caef Mon Sep 17 00:00:00 2001
From: kkalev
Date: Fri, 9 Feb 2024 10:31:58 +0200
Subject: [PATCH] update: encrypt private key in create phase if PASSPHRASE env var is present
---
 scripts/create.sh | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/scripts/create.sh b/scripts/create.sh
index f310266..9240337 100644
--- a/scripts/create.sh
+++ b/scripts/create.sh
@@ -20,6 +20,11 @@ if [[ $# -gt 0 && $1 == "create" ]]; then
 else
 openssl req -new -newkey rsa:4096 -nodes -keyout certs/privkey.pem -out certs/server.csr -config server.cnf -batch
 fi
+ if [[ -v PASSPHRASE ]]; then
+ echo "PASSPHRASE env var present. Encrypting private key and deleting plain-text private key"
+ openssl rsa -aes256 -passout env:PASSPHRASE -in certs/privkey.pem -out certs/privkey.key
+ rm certs/privkey.pem
+ fi
 exit 0
 fi
 if [[ $# -gt 0 && $1 == "print" ]]; then
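Review bot: The added `rm certs/privkey.pem` runs even when the preceding `openssl rsa` fails, and nothing visible in the hunk (no status check, no `set -e` in view) prevents that, so a failed encryption would leave the freshly generated CSR without a usable key. The guard `[[ -v PASSPHRASE ]]` makes this reachable: it is true for an empty value and for a shell variable that was never exported, while `-passout env:PASSPHRASE` reads the process environment, so both cases are likely to fail inside openssl. I would test `if [[ -n "${PASSPHRASE:-}" ]]; then` and chain the delete to success, `openssl rsa -aes256 -passout env:PASSPHRASE -in certs/privkey.pem -out certs/privkey.key && rm certs/privkey.pem`. The key is also still written unencrypted first by the `-nodes` request above, and `rm` does not erase it from the medium; passing `-passout` to `openssl req` instead of `-nodes` would avoid that. The enclosing `if` starts outside the hunk and its other branch is not visible.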