From 8cdca9dd6d32679994a50971ab731ca5ed56a918 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Tue, 14 Jul 2020 13:41:03 +0100
Subject: [PATCH] secring: open with more secure umask
---
 pkgs/sops-install-secrets/main.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pkgs/sops-install-secrets/main.go b/pkgs/sops-install-secrets/main.go
index cb2392c..1fd7dc8 100644
--- a/pkgs/sops-install-secrets/main.go
+++ b/pkgs/sops-install-secrets/main.go
@@ -306,7 +306,8 @@ func atomicSymlink(oldname, newname string) error {
 func importSSHKeys(keyPaths []string, gpgHome string) error {
 secringPath := filepath.Join(gpgHome, "secring.gpg")
- secring, err := os.Create(secringPath)
+
+ secring, err := os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE, 0600)
 if err != nil {
 return fmt.Errorf("Cannot create %s: %s", secringPath, err)
 }
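Review bot: The new `os.OpenFile` call drops the `O_TRUNC` that `os.Create` implied, and the `0600` mode is only applied when the file is actually created. If `secring.gpg` already exists in `gpgHome` (whether that directory is always fresh is not visible in this hunk), its existing permissions are kept and any bytes beyond the newly written length stay in the keyring. I would write `secring, err := os.OpenFile(secringPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`, or use `os.O_EXCL` in place of `os.O_TRUNC` if the file must never pre-exist, which also fails instead of following a symlink already present at that path. The rest of importSSHKeys lies outside the hunk, so how the handle is written and closed cannot be checked here.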