nebula/cmd/nebula-cert/passwords_test.go at 7ed9f2a68826dad2f838a0c957c0e0ed928681f3 - slackhq/nebula - Forgejo: Beyond coding. We forge.

slackhq/nebula

mirror of https://github.com/slackhq/nebula.git synced 2024-11-13 03:09:49 +08:00

John Maguire a56a97e5c3

Add ability to encrypt CA private key at rest (#386 )

Fixes #8.

`nebula-cert ca` now supports encrypting the CA's private key with a
passphrase. Pass `-encrypt` in order to be prompted for a passphrase.
Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF
parameters default to RFC recommendations, but can be overridden via CLI
flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.

2023-04-03 13:59:38 -04:00

10 lines

176 B

Go

Raw Blame History

 package main
 type StubPasswordReader struct {
 	password []byte
 	err      error
 }
 func (pr *StubPasswordReader) ReadPassword() ([]byte, error) {
 	return pr.password, pr.err
 }