summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/x509cert_common.pp
diff options
context:
space:
mode:
authorJan Dittberner <jan@dittberner.info>2021-05-11 09:58:27 +0200
committerJan Dittberner <jan@dittberner.info>2021-05-11 09:58:27 +0200
commita4a0a97453e35a793e24f721f243ed0f73294ca5 (patch)
treeada121d710c2ff6f32d226af5863f03d85bf04d8 /sitemodules/profiles/manifests/x509cert_common.pp
parent561fd397d0611528e03f15aed6d5cd3c140cbe18 (diff)
downloadcacert-puppet-a4a0a97453e35a793e24f721f243ed0f73294ca5.tar.gz
cacert-puppet-a4a0a97453e35a793e24f721f243ed0f73294ca5.tar.xz
cacert-puppet-a4a0a97453e35a793e24f721f243ed0f73294ca5.zip
Fix default file mode for private keys
Diffstat (limited to 'sitemodules/profiles/manifests/x509cert_common.pp')
-rw-r--r--sitemodules/profiles/manifests/x509cert_common.pp2
1 files changed, 1 insertions, 1 deletions
diff --git a/sitemodules/profiles/manifests/x509cert_common.pp b/sitemodules/profiles/manifests/x509cert_common.pp
index 2aafa8e..380b505 100644
--- a/sitemodules/profiles/manifests/x509cert_common.pp
+++ b/sitemodules/profiles/manifests/x509cert_common.pp
@@ -59,7 +59,7 @@ class profiles::x509cert_common (
ensure => file,
owner => pick($cert_info['key_owner'], 'root'),
group => pick($cert_info['key_group'], 'root'),
- mode => pick($cert_info['key_mode'], 'root'),
+ mode => pick($cert_info['key_mode'], '0640'),
content => $cert_info['private_key'],
}
file { "/etc/ssl/public/${name}.crt.pem":