Specify encrypted SSL Key password

[brandonbiggs]

Hi,

My SSL key is encrypted. I have the password so I could unencrypt the key and store it like that but some applications have an option for checking for an environment variable that uses the password. Does Versity have an option for this?

Example for Uvicorn (totally different language/tool, but I wanted to provide an example in case my question wasn't clear)

        uvicorn.run(
            app,
            port=args.port,
            host=args.host,
            ssl_keyfile=settings.ssl_keyfile,
            ssl_certfile=settings.ssl_certfile,
            ssl_keyfile_password=settings.ssl_passphrase,
        )

[benmcclelland]

No option for this currently. I think this would need a deprecated feature in the stdlib x509 package: https://pkg.go.dev/crypto/x509#DecryptPEMBlock

I'm not sure if this is deprecated because its no longer recommended to do this in general, or if there was some issue with the stdlib implementation. We would need to do more investigation to figure out if there is a non-deprecated way to handle this.

[brandonbiggs]

I also saw that was deprecated but I couldn't find a newer supported method.

I can work around this in the meantime. Thanks for confirming that it isn't currently available though!