a73x

5d557b98

fix: use 0600 permissions for CA private key file

a73x   2026-03-29 16:21

diff --git a/ca/ca.go b/ca/ca.go
index 97ab7a7..90b0b2c 100644
--- a/ca/ca.go
+++ b/ca/ca.go
@@ -109,7 +109,7 @@ func generate(certPath, keyPath string) (*x509.Certificate, *ecdsa.PrivateKey, e
	if err != nil {
		return nil, nil, err
	}
	keyFile, err := os.Create(keyPath)
	keyFile, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return nil, nil, err
	}