snstac / pytak

PyTAK is a Python package for rapid TAK integration.
https://pytak.readthedocs.io/en/stable/
Apache License 2.0

Encrypted TLS Private Keys (Private Keys with Passphrases) #12

Closed ampledata closed 11 months ago

ampledata commented 3 years ago

There is currently no mechanism to set a passphrase for a TLS Private Key (that is, a Private Key that is encrypted with a Passphrase) for a pytak-based tool. This means that you cannot run a pytak-based tool in the background or as a service, as the tool has no means of accepting a passphrase for the private key from a user.

It's probably possible to add support for this, but in the meantime, a workaround is to decrypt the Private Key and use that with the pytak-tool, instead of the encrypted Private Key.

For example, given the encrypted Private key 'my_cert.key.pem', you can decrypt the private key and remove the passphrase with this command:

$ openssl rsa -in my_cert.key.pem -out my_cert-nopass.key.pem

This will result in a new file my_cert-nopass.key.pem that you can then pass to the pytak-based tool:

export PYTAK_TLS_CLIENT_KEY=my_cert-nopass.key.pem

Or inline:

PYTAK_TLS_CLIENT_KEY=my_cert-nopass.key.pem aprscot ...

Or with systemd:

Environment=PYTAK_TLS_CLIENT_KEY=my_cert-nopass.key.pem
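
A preflight check for the decrypted-key workaround in the comment above, as an added example that is not part of the original issue or of pytak: it reports a key file that is still passphrase-protected, or one that group/other can access now that the key sits on disk in plaintext. The function names and the sample PEM bodies are constructed for illustration; only `PYTAK_TLS_CLIENT_KEY` comes from the issue.

```python
import os
import stat
import tempfile

def key_is_encrypted(pem_text):
    """True if the PEM text is a passphrase-protected private key."""
    # PKCS#8 uses its own label; traditional OpenSSL keys keep the
    # "RSA PRIVATE KEY" label and add a Proc-Type header instead.
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)

def preflight_key(path):
    """Return a list of problems with the key file (empty list = OK)."""
    problems = []
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        text = fh.read()
    if "PRIVATE KEY-----" not in text:
        problems.append("not a PEM private key")
    elif key_is_encrypted(text):
        problems.append("key is passphrase-protected; decrypt it first")
    # The decrypted key is plaintext on disk: only the owner may touch it.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %04o exposes the key to group/other; use 0600" % mode)
    return problems

# Constructed placeholder bodies (hypothetical, not real key material).
PLAIN = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
             "DEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")

def demo():
    """Run the check over the constructed samples in a temp directory."""
    samples = {"ok.pem": (PLAIN, 0o600), "open.pem": (PLAIN, 0o644),
               "encrypted.pem": (ENCRYPTED, 0o600)}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (body, mode) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = preflight_key(path)
    return results

if __name__ == "__main__":
    key = os.environ.get("PYTAK_TLS_CLIENT_KEY")  # variable named in the issue
    for line in (preflight_key(key) if key else ["PYTAK_TLS_CLIENT_KEY is not set"]):
        print("WARN:", line)
```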