Previously, Cert secrets didn't change which increases possible exposure. Command line history, for example, could divulge the secret.
Approach
Every time a secret is used to download the privkey, the secret is reset and will need to be retrieved again for future use. This should be okay because any future need for downloading the privkey will require manual intervention on the endpoint anyways.
Testing
Try downloading the cert twice in a row with the same secret.
This PR addresses the following issues:
Fixes #74
Context
Previously, Cert secrets didn't change which increases possible exposure. Command line history, for example, could divulge the secret.
Approach
Every time a secret is used to download the privkey, the secret is reset and will need to be retrieved again for future use. This should be okay because any future need for downloading the privkey will require manual intervention on the endpoint anyways.
Testing
Try downloading the cert twice in a row with the same secret.