Remove / Encrypt Private Keys in Database

maykinmedia / django-simple-certmanager

MIT License

0 stars 0 forks source link

Remove / Encrypt Private Keys in Database #45

Closed sam-bertin closed 1 month ago

sam-bertin commented 2 months ago

The private key from the SigningRequest are stored in the data base without encryption for now. It might be a good idea to either encrypt them or remove the private key from the instance when the instance has been associated to a Certificate.

alextreme commented 2 months ago

Discussed with @CharString, this is a valid issue. As database encryption has other problems of its own I suggest that we remove the privatekey from the SigningRequest after a valid certificate has been uploaded