From fa762ff627d74fc0510633d31304a47602a64778 Mon Sep 17 00:00:00 2001
From: Igor Vinokur <ivinokur@redhat.com>
Date: Wed, 9 Oct 2019 09:30:20 +0300
Subject: [PATCH] Set 600 file permissons to mounted SSH keys (#14791)

In order to avoid UNPROTECTED PRIVATE KEY FILE Error while ssh operations, set 600 file permissions level to all mounted SSH keys.
---
 .../kubernetes/provision/VcsSshKeysProvisioner.java         | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeysProvisioner.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeysProvisioner.java
index c63c658c74a..19d2a5b8a96 100644
--- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeysProvisioner.java
+++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/provision/VcsSshKeysProvisioner.java
@@ -160,7 +160,11 @@ private void mountSshKeySecret(String secretName, String sshKeyName, PodSpec pod
         .add(
             new VolumeBuilder()
                 .withName(secretName)
-                .withSecret(new SecretVolumeSourceBuilder().withSecretName(secretName).build())
+                .withSecret(
+                    new SecretVolumeSourceBuilder()
+                        .withSecretName(secretName)
+                        .withDefaultMode(0600)
+                        .build())
                 .build());
     List<Container> containers = podSpec.getContainers();
     containers.forEach(