undefined | Better HN

0 pointsxvector4y ago0 comments

Private keys for tests should be generated on demand, lest you induce CI failure due to key expiration some years down the line

0 comments

dilyevsky4y ago

Keys (at least rsa,ec,ssh ones) don’t expire - certs do. Also you’re not required to set expiration at all and probably should not in test for the very reason you mentioned. Unless you’re testing expiration validation of course in which case cert will be intentionally expired.

tyingq4y ago

I'm somewhat surprised how many keygen type tools don't support ways to do that without putting a passphrase on a command line. Gpg is nice, with --passphrase-fd.

j / k navigate · click thread line to collapse

0 pointsxvector4y ago0 comments

Private keys for tests should be generated on demand, lest you induce CI failure due to key expiration some years down the line

0 comments

dilyevsky4y ago

tyingq4y ago

I'm somewhat surprised how many keygen type tools don't support ways to do that without putting a passphrase on a command line. Gpg is nice, with --passphrase-fd.

j / k navigate · click thread line to collapse