Password for key in SSL

Question

Password for key in SSL

manuel-rubio opened this issue 7 months ago · 4 comments

I was trying to configure the SSL for Bandit but I just realised my key file is encrypted and it's required that's not unencrypted, so could we specify the password? I can see that Plug.SSL has the password but that's compiled with the code and I want the possibility to pass that information with the Bandit configuration when it's starting, like certfile and keyfile configurations.

Answer 1 · 2024-03-20T13:10:27.000Z

When you say 'Plug.SSL has the password' what are you referring to? Thousand Island (and by extension Bandit) are deliberately unaware of the options you pass to the underlying transport; anything you can pass to the underlying Erlang :ssl library is supported, we just pass it through. I'm not aware of any options to the effect you're looking for

Answer 2 · 2024-03-25T10:41:07.000Z

Sorry, I was referring that I was using Bandit options like this:

bandit_opts = [
  plug: MyApp.Router,
  port: 4000,
  otp_app: :myapp,
  scheme: :https,
  certfile: "/certs/path/file.crt",
  keyfile: "/cets/path/file.key",
  thousand_island_options: [
    num_acceptors: 5
  ]
]

Where could I put the password to unencrypt the key file?

Answer 3 · 2024-03-25T13:49:21.000Z

It looks like the password option is what you're looking for. Because it's not one of Bandit's convenience options you'll need to set it manually on the underlying transport:

bandit_opts = [
  plug: MyApp.Router,
  port: 4000,
  otp_app: :myapp,
  scheme: :https,
  certfile: "/certs/path/file.crt",
  keyfile: "/cets/path/file.key",
  thousand_island_options: [
    num_acceptors: 5,
    transport_options: [password: "soopersekrit"]
  ]
]

Answer 4 · 2024-03-26T09:54:14.000Z

that's what I needed, thanks @mtrudel !!!