require 0600 on keyfile for security

2026-05-25 14:15:15 +00:00 · 2020-12-27 23:11:28 -08:00
parent 60f2596983
commit b32fee24c8
1 changed files with 5 additions and 0 deletions
@@ -106,6 +106,11 @@ func startServer(c *cli.Context) error {
 func createKeyProvider(keyFile, keys string) (auth.KeyProvider, error) {
 	// prefer keyfile if set
 	if keyFile != "" {
+		if st, err := os.Stat(keyFile); err != nil {
+			return nil, err
+		} else if st.Mode().Perm() != 0600 {
+			return nil, fmt.Errorf("key file must have permission set to 600")
+		}
 		f, err := os.Open(keyFile)
 		if err != nil {
 			return nil, err