afosto / yaac

Yet another ACME client: a decoupled LetsEncrypt client

Supply private Key with $client->createOrder(); #17

Closed ticktoo closed 3 years ago

ticktoo commented 4 years ago

Cheers,

we are trying to implement your ACME client within our infrastructure, thanks for your excellent work. I have a question. You expect the private key to be placed in a certain filesystem location. If the client class does not find the key, it creates a new one and stores it in your designated filesystem location. It is not transparent to me whether my specific key was used to create the CSR or whether the class created a new one in a filesystem location I probably did not expect (within distributed systems).

Why don't you supply a parameter within $client->createOrder() or within the constructor to supply the private key? This would seem to me much more straightforward, as the private key needs special treatment within automated infrastructures. Also, a $client->setPrivateKey() function would be suitable and seems more fail-safe in distributed environments than silently creating a new key. Would you accept a pull request or is this utterly out of your scope?

Thank you very much. I appreciate your work. Sebastian Kraus ticktoo Systems

bakkerpeter commented 4 years ago

Hi Sebastian, thanks for reaching out. I understand your use case; it is definitely not out of scope and I think we could fix it. I would happily review and merge a PR.

Cheers, Peter

bakkerpeter commented 3 years ago

Closing for now. If this becomes urgent again, please go ahead and send in a PR.
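
An added example, not part of the thread and not yaac's code: one way to handle the concern raised in this issue outside the client, by failing closed when the supplied key cannot be loaded and by checking that a CSR carries the public key of the intended private key. It uses only PHP's OpenSSL extension; the function names are hypothetical and the keys and CSR are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not part of yaac; only PHP's OpenSSL extension is used.

/** Load the caller-supplied key and fail closed instead of generating a new one. */
function loadPrivateKeyOrFail(string $pem)
{
    $key = openssl_pkey_get_private($pem);
    if ($key === false) {
        throw new RuntimeException('Private key missing or unreadable; not generating a replacement');
    }
    return $key;
}

/** PEM-encoded public half of a private or public key handle. */
function publicKeyPem($key): string
{
    $details = openssl_pkey_get_details($key);
    if ($details === false) {
        throw new RuntimeException('Cannot read key details');
    }
    return $details['key'];
}

/** True only if the CSR carries the public key belonging to $privateKey. */
function csrUsesKey(string $csrPem, $privateKey): bool
{
    $csrPublic = openssl_csr_get_public_key($csrPem);
    return $csrPublic !== false
        && hash_equals(publicKeyPem($privateKey), publicKeyPem($csrPublic));
}

// Constructed sample data: two throwaway RSA keys and a CSR signed with the first.
$opts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
openssl_pkey_export(openssl_pkey_new($opts), $intendedPem);
openssl_pkey_export(openssl_pkey_new($opts), $otherPem);

$intended = loadPrivateKeyOrFail($intendedPem);
$csr = openssl_csr_new(['commonName' => 'example.test'], $intended, ['digest_alg' => 'sha256']);
openssl_csr_export($csr, $csrPem);

var_dump(csrUsesKey($csrPem, $intended));                       // check against the supplied key
var_dump(csrUsesKey($csrPem, loadPrivateKeyOrFail($otherPem))); // check against an unrelated key
```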