git-echo/linux_patch_api
Private
Public Access
1
0
Fork 0
Code Releases 32 Wiki Activity
Files
eac05ad1eb879b911c4376ee896bec483f76528a
linux_patch_api/tests/e2e/certs/README.md
Draco-Lunaris-Echo efaac33c47
Some checks failed
CI/CD Pipeline / Code Format (push) Successful in 3s
CI/CD Pipeline / Clippy Lints (push) Successful in 43s
CI/CD Pipeline / All Unit Tests (push) Successful in 1m12s
CI/CD Pipeline / Security Audit (push) Successful in 5s
CI/CD Pipeline / Enrollment Tests (push) Successful in 1m12s
CI/CD Pipeline / Build Debian Package (Ubuntu 22.04) (push) Failing after 4s
CI/CD Pipeline / Verify Enrollment CLI Flag (push) Successful in 57s
CI/CD Pipeline / Build Debian Package (push) Failing after 4s
CI/CD Pipeline / Build RPM Package (push) Successful in 2m12s
CI/CD Pipeline / Build Arch Package (push) Successful in 2m18s
CI/CD Pipeline / Build Alpine Package (push) Failing after 3m7s
fix: remove committed private keys and add runtime cert generation (closes #12) 
- Remove all private key files from git tracking (git rm --cached)
  - configs/certs/ca.key.pem, server.key.pem, client001.key.pem
  - tests/e2e/certs/client.key
  - Also remove public certs from configs/certs/ (generated at runtime)
- Add .gitignore patterns for *.key, *.key.pem, configs/certs/*.pem, *.srl
- Add scripts/generate-dev-certs.sh for runtime test cert generation
- Update Python e2e test to generate certs on demand (ensure_certs())
- Update test_wrong_cert_connection to generate wrong-CA certs at runtime
- Add gitleaks secret scanning job to CI workflow
- Update SECURITY_FINDINGS_REPORT.md with critical finding for Issue #12
- Update SECURITY_CONTROLS_MATRIX.md evidence references
- Add README.md to configs/certs/ and tests/e2e/certs/

Private keys were dev/test only - no production key rotation needed.
Git history purge with filter-repo will follow after PR merge.

Co-authored-by: git-echo <git-echo@moon-dragon.us>
2026-06-06 13:20:43 -05:00

715 B
Raw Blame History

E2E Test Certificates

⚠️ Private keys are NOT committed to version control.

This directory holds mTLS certificates used by the Python E2E test suite. The client.key private key is excluded from git via .gitignore.

Generating Test Certificates

Certificates are generated automatically by the E2E test runner, or manually:

./scripts/generate-dev-certs.sh

This script creates ca.crt, client.crt, and client.key in this directory.

Files

File Committed Description
ca.crt Yes CA certificate (public)
client.crt Yes Client certificate (public)
client.key No Client private key (gitignored)