netbirdio / netbird

Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Add mTLS support for SSO #2060

Closed Foosec closed 3 weeks ago

Foosec commented 1 month ago

Describe your changes

Adds ClientCertPath and ClientCertKey to the config, to provide mTLS credentials for IDP authentication. A use case is having your IDP behind an mTLS-terminating reverse proxy, thus reducing the risk of 0-day exploits against your IDP and adding an extra step of authentication. This is a feature that could be extended to cover netbird management as well.

I would be very happy to have someone more used to the code point out if something is misplaced. Ideally this could be added to the UI and possibly to mobile clients as well, but I did not want to go poking in the UI code without even an idea if this would be approved.

Issue ticket number and link

Checklist

sonarcloud[bot] commented 1 month ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

Foosec commented 1 month ago

@mlsmaycon Is this being considered? We could discuss also implementing it for the management interface, which would be a cool and security boosting extension to this PR!

Foosec commented 3 weeks ago

@mlsmaycon Sorry for bothering you, it's unclear to me whether this was closed due to the deletion of netbirdio:0.28.0, or whether it is not a wanted feature? Thank you!

mlsmaycon commented 3 weeks ago

Hello @Foosec, this was closed because of the other PR. My bad, I should've updated it before that.

Can you reopen it against main? We should have more capacity to evaluate it in the coming weeks.