Skip to content

Commit

Permalink
fix(core): enhance security of mongodbinstance setup scripts (#33)
Browse files Browse the repository at this point in the history
  • Loading branch information
ddneilson authored Aug 10, 2020
1 parent 00367f2 commit d2b9875
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,11 @@ cat key.crt decrypted_key.pem > key.pem
# Validate the certificate and key are valid.
echo "Validating server key"

set +x # Do not print out key modulus; it's a secret
KEY_MODULUS=$(openssl rsa -modulus -noout -in ./decrypted_key.pem | openssl md5)
CA_MODULUS=$(openssl x509 -modulus -noout -in ./key.crt | openssl md5)

test "${KEY_MODULUS}" == "${CA_MODULUS}"
test "${KEY_MODULUS}" == "${CA_MODULUS}" || exit 1
set -x

echo "Success - valid key"
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ function cleanup() {
exit ${RC}
}

trap cleanup EXIT
trap cleanup EXIT ERR SIGQUIT SIGKILL SIGTERM SIGPIPE

SCRIPT_DIR=$(dirname $0)
source "${SCRIPT_DIR}/secretsFunction.sh"
Expand All @@ -38,4 +38,5 @@ echo '");' >> ./temp.js
cat temp.js | tr -d '\n' > ./adminCredentials.js
rm -f ./temp.js

mongo --port 27017 --host localhost ./createAdminUser.js --quiet
mongo --port 27017 --host localhost ./createAdminUser.js --quiet
rm -f ./adminCredentials.js

0 comments on commit d2b9875

Please sign in to comment.