Use stricter permissions for Pulp TLS cert and key

priteau · priteau · commit 5bab33f49e23 · 2023-02-10T16:47:10.000+01:00
Pulp runs as root inside its container. It has no problem reading files
with 0600 permissions. There is no reason use 0644, especially for the
key which is readable by any user on the seed.
diff --git a/etc/kayobe/containers/pulp/pre.yml b/etc/kayobe/containers/pulp/pre.yml
@@ -33,7 +33,7 @@
       template:
         src: "{{ item.src }}"
         dest: "/opt/kayobe/containers/pulp/certs/{{ item.dest }}"
-        mode: 0644
+        mode: 0600
       become: true
       loop:
         - src: "{{ pulp_cert_path }}"
