turbot / steampipe

Zero-ETL, infinite possibilities. Live query APIs, code & more with SQL. No DB required.
https://steampipe.io
GNU Affero General Public License v3.0

feat: handle ssl password #4152

Closed burahimu closed 5 months ago

burahimu commented 5 months ago

We figured out that steampipe does not handle a private key protected with a passphrase. This should fix that by adding the sslpassword and ssl_passphrase_command options (and ssl_passphrase_command_supports_reload).

Note

The server.key content must contain Proc-Type and DEK-Info headers.

It is possible by adding -traditional to the openssl command:

openssl genrsa -aes256 -out $STEAMPIPE_INSTALL_DIR/db/14.2.0/data/server.key -passout pass:steampipe -traditional 2048
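As an added pre-flight check for the note above (example code, not part of this PR or of steampipe), this inspects a server.key by its PEM headers and reports whether it is a passphrase-protected traditional key carrying the Proc-Type and DEK-Info headers, as opposed to a PKCS#8 "ENCRYPTED PRIVATE KEY" that lacks them. The two PEM samples are constructed placeholders, and the IV-size table is an assumption based on the ciphers' block sizes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample: passphrase-protected traditional key, the shape `openssl genrsa
# -aes256 ... -traditional` produces. The base64 body is a placeholder, not a real key.
TRADITIONAL_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0A1B2C3D4E5F60718293A4B5C6D7E8F9

MIIEpAIBAAKCAQEAplaceholderplaceholderplaceholder
-----END RSA PRIVATE KEY-----
"""
# Constructed sample: PKCS#8 encrypted key (openssl's default without -traditional);
# passphrase-protected, but without the Proc-Type/DEK-Info headers.
PKCS8_ENCRYPTED = """-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApplaceholderplaceholder
-----END ENCRYPTED PRIVATE KEY-----
"""
# Assumed IV sizes (bytes) for ciphers commonly seen in DEK-Info headers.
IV_BYTES = {"AES-128-CBC": 16, "AES-192-CBC": 16, "AES-256-CBC": 16, "DES-EDE3-CBC": 8}
_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----$", re.M)
_DEK = re.compile(r"^DEK-Info:\s*([A-Z0-9-]+),([0-9A-Fa-f]+)\s*$", re.M)

@dataclass
class KeyCheck:
    pem_label: str
    passphrase_protected: bool
    traditional_headers: bool  # Proc-Type and DEK-Info both present
    cipher: Optional[str]
    problems: List[str]

    @property
    def usable_with_sslpassword(self) -> bool:
        # Per the PR note: the key must carry Proc-Type and DEK-Info headers.
        return self.passphrase_protected and self.traditional_headers and not self.problems

def inspect_server_key(pem_text: str) -> KeyCheck:
    # Classify a PEM private key by its headers alone, without decrypting it.
    begin = _BEGIN.search(pem_text)
    if begin is None:
        raise ValueError("not a PEM-encoded file")
    label, dek = begin.group(1), _DEK.search(pem_text)
    traditional = dek is not None and "Proc-Type: 4,ENCRYPTED" in pem_text
    cipher, problems = None, []
    if dek is not None:  # sanity-check the DEK-Info cipher and IV length
        cipher, expected = dek.group(1), IV_BYTES.get(dek.group(1))
        if expected is None:
            problems.append(f"unrecognised DEK-Info cipher {cipher}")
        elif len(dek.group(2)) != expected * 2:
            problems.append(f"IV is {len(dek.group(2)) // 2} bytes, expected {expected}")
    encrypted = traditional or label == "ENCRYPTED PRIVATE KEY"
    return KeyCheck(label, encrypted, traditional, cipher, problems)
```

Run it against the real file with `inspect_server_key(open(path).read())`; a key that is passphrase-protected but reports `traditional_headers == False` needs regenerating with -traditional before sslpassword can help.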
CLAassistant commented 5 months ago

CLA assistant check
All committers have signed the CLA.

e-gineer commented 5 months ago

This is a good feature and PR. Some questions:

burahimu commented 5 months ago

Should this focus have CLI arguments etc? It's consistent, but perhaps simpler to start with just the env var for this (edge) case.

Yes, it can be set only in an env var as a first step. Would you like this behavior?

If the password env var is set, would that affect our automatic certificate creation? How do we make that behavior clear?

For instance, I believe steampipe will override the server.key file with no passphrase. The certificate renewal will be specific to the authority managing the certificates, unless you want steampipe to manage the case?

kaidaguerre commented 5 months ago

@burahimu

Yes, it can be set only in an env var as a first step. Would you like this behavior?

Yes, I think for the initial implementation, just an env var would be good.

burahimu commented 5 months ago

Done ✅

kaidaguerre commented 5 months ago

thanks!