From f0253ccaf219379df5686c5b5491cfe0a45befb3 Mon Sep 17 00:00:00 2001
From: "Greg T. Wallace" <greg@gregtwallace.com>
Date: Tue, 4 Jun 2024 18:59:36 -0400
Subject: [PATCH] create: set file permissiosns to owner only

---
 pkg/app/cmd_create.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/pkg/app/cmd_create.go b/pkg/app/cmd_create.go
index 46b239c..c6b6750 100644
--- a/pkg/app/cmd_create.go
+++ b/pkg/app/cmd_create.go
@@ -48,13 +48,13 @@ func (app *app) cmdCreate(_ context.Context, args []string) error {
 	}
 
 	// write files
-	err = os.WriteFile(keyCertFileName, apcKeyCertFile, 0777)
+	err = os.WriteFile(keyCertFileName, apcKeyCertFile, 0600)
 	if err != nil {
 		return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
 	}
 	app.stdLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileName)
 
-	err = os.WriteFile(keyFileName, keyFile, 0777)
+	err = os.WriteFile(keyFileName, keyFile, 0600)
 	if err != nil {
 		return fmt.Errorf("create: failed to write apc p15 key file (%s)", err)
 	}
@@ -64,21 +64,21 @@ func (app *app) cmdCreate(_ context.Context, args []string) error {
 	// easy to do e.g., https://lapo.it/asn1js)
 	if app.config.debugLogging != nil && *app.config.debugLogging {
 		keyCertFileNameDebug := keyCertFileName + ".noheader.b64"
-		err = os.WriteFile(keyCertFileNameDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0777)
+		err = os.WriteFile(keyCertFileNameDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0600)
 		if err != nil {
 			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
 		}
 		app.debugLogger.Printf("create: apc p15 key+cert file %s written to disk", keyCertFileNameDebug)
 
 		keyCertFileNameHeaderDebug := keyCertFileName + ".header.b64"
-		err = os.WriteFile(keyCertFileNameHeaderDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0777)
+		err = os.WriteFile(keyCertFileNameHeaderDebug, []byte(base64.StdEncoding.EncodeToString(apcKeyCertFile[apcHeaderLen:])), 0600)
 		if err != nil {
 			return fmt.Errorf("create: failed to write apc p15 key+cert file (%s)", err)
 		}
 		app.debugLogger.Printf("create: apc p15 key+cert file header %s written to disk", keyCertFileNameHeaderDebug)
 
 		keyFileNameDebug := keyFileName + ".b64"
-		err = os.WriteFile(keyFileNameDebug, []byte(base64.StdEncoding.EncodeToString(keyFile)), 0777)
+		err = os.WriteFile(keyFileNameDebug, []byte(base64.StdEncoding.EncodeToString(keyFile)), 0600)
 		if err != nil {
 			return fmt.Errorf("create: failed to write apc p15 key file (%s)", err)
 		}