key permissions

phact 2025-10-07 13:18:31 -04:00
parent a669c19391
commit 325358e917


@ -242,6 +242,9 @@ def generate_jwt_keys():
capture_output=True, capture_output=True,
) )
# Set restrictive permissions on private key (readable by owner only)
os.chmod(private_key_path, 0o600)
# Generate public key # Generate public key
subprocess.run( subprocess.run(
[ [
@ -257,12 +260,21 @@ def generate_jwt_keys():
capture_output=True, capture_output=True,
) )
# Set permissions on public key (readable by all)
os.chmod(public_key_path, 0o644)
logger.info("Generated RSA keys for JWT signing") logger.info("Generated RSA keys for JWT signing")
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
logger.error("Failed to generate RSA keys", error=str(e)) logger.error("Failed to generate RSA keys", error=str(e))
raise raise
else: else:
logger.info("RSA keys already exist, skipping generation") # Ensure correct permissions on existing keys
try:
os.chmod(private_key_path, 0o600)
os.chmod(public_key_path, 0o644)
logger.info("RSA keys already exist, ensured correct permissions")
except OSError as e:
logger.warning("Failed to set permissions on existing keys", error=str(e))
async def init_index_when_ready(): async def init_index_when_ready():
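Review bot: In the generation path the private key is tightened only after the key-generation subprocess has returned, so whatever mode the file was created with (this depends on the process umask and on the tool's own behaviour, neither visible in the hunk) applies until `os.chmod(private_key_path, 0o600)` runs. Restricting creation itself closes that window, e.g. `old_umask = os.umask(0o077)` before the first `subprocess.run` and `os.umask(old_umask)` in a `finally`. In the `else` branch a failed chmod on the private key is only logged as a warning and also skips the public-key chmod, so the service can keep signing with a key whose mode was never confirmed; I would split the two calls and, for the private key, either re-raise or verify `os.stat(private_key_path).st_mode & 0o077 == 0` before continuing. `generate_jwt_keys` starts above the hunk, so the exact command that writes the key is inferred rather than seen.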