feat: add TLS encryption for client-agent communication #269
base: main
a9a7542 to 2b64792
The agent will auto-generate a self-signed key/certificate into the key and certificate path if no files exist in the path.
Pull request overview
This pull request implements TLS encryption for client-agent communication using Ed25519 self-signed certificates. TLS is enabled by default with an --insecure flag available for backward compatibility with plain HTTP. The implementation provides encryption only, without client authentication.
Key changes:
- New `internal/tlsutil` package for certificate generation and management with auto-generation support
- TLS client configuration in `dutctl` with InsecureSkipVerify to accept self-signed certificates
- TLS server configuration in `dutagent` with configurable certificate paths and automatic certificate generation
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 13 comments.
| File | Description |
|---|---|
| internal/tlsutil/tlsutil.go | New package providing Ed25519 certificate generation, loading, and auto-generation functionality |
| cmds/dutctl/dutctl.go | Added TLS client support with --insecure flag and TLS/HTTPS transport configuration |
| cmds/dutagent/dutagent.go | Added TLS server support with certificate auto-generation, configurable paths, and --insecure fallback |
2b64792 to bd30857
49df9ea to ed5eea3
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
f6ff376 to 7f29510
Move the duplicated newInsecureClient implementation from dutctl and dutagent into a shared pkg/rpc.NewInsecureClient function. This eliminates code duplication and provides a single source of truth for h2c (HTTP/2 without TLS) client configuration. Signed-off-by: Fabian Wienand <fabian.wienand@9elements.com>
Implement TLS support using Ed25519 self-signed certificates to encrypt communication between dutctl client and dutagent server. TLS is enabled by default with an --insecure flag available for HTTP support. This provides encryption only, not client authentication. Any client can connect to the agent. Signed-off-by: Fabian Wienand <fabian.wienand@9elements.com>
Signed-off-by: Fabian Wienand <fabian.wienand@9elements.com>
7f29510 to ab6f229
Implement TLS support using Ed25519 self-signed certificates to encrypt communication between dutctl client and dutagent server. TLS is enabled by default with an --insecure flag available for HTTP support. This provides encryption only, not client authentication. Any client can connect to the agent.
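
Added example, not code from this pull request: the overview says dutctl sets InsecureSkipVerify to accept the agent's self-signed Ed25519 certificate, and with that setting alone a Go TLS client accepts any certificate it is shown. The sketch below generates such a certificate and shows one way a client could still check which agent it reached, by pinning the certificate's SHA-256 digest. The names selfSigned, pinOf and pinnedConfig, the host name agent.example and the pinning approach itself are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned creates an Ed25519 key and a self-signed certificate for host (hypothetical helper).
func selfSigned(host string) (tls.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, err
}

func pinOf(c tls.Certificate) [32]byte { return sha256.Sum256(c.Certificate[0]) } // digest a client would store

// pinnedConfig keeps chain validation off (self-signed cert) but accepts only the pinned leaf.
func pinnedConfig(pin [32]byte) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // built-in chain and host name checks are off
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			if len(raw) == 0 || sha256.Sum256(raw[0]) != pin {
				return fmt.Errorf("agent certificate does not match pinned digest")
			}
			return nil
		},
	}
}

func main() {
	agent, _ := selfSigned("agent.example") // constructed host name
	other, _ := selfSigned("agent.example") // same name, different key
	verify := pinnedConfig(pinOf(agent)).VerifyPeerCertificate
	fmt.Println(verify(agent.Certificate, nil), verify(other.Certificate, nil))
}
```

Go calls VerifyPeerCertificate during the handshake even when InsecureSkipVerify is set, so the second certificate is rejected although it carries the same host name.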