Having a passcode to protect a key file for a production service is
pointless, because you move the problem of storing the certificate securely
to the problem of storing the passcode securely, so you might as well skip the
passcode and store the cert securely.

Your certificate is probably encoded as a PEM cert, so you'd have to
manually call https://golang.org/pkg/crypto/x509/#DecryptPEMBlock and
provide a password, then construct your listener yourself using the
unmarshaled certificate. So, how are you going to protect this passcode? Is
someone going to have to provide it every time you start?

Generally, in production systems, we use some kind of secret manager to
store that certificate, such as AWS Secrets Manager or encrypt it with KMS,
store it in Vault, etc. Ideally, you actually make a subordinate cert for
that service and rotate it at a reasonable interval.

On Fri, Oct 16, 2020 at 2:06 PM Rich <rma...@gmail.com> wrote:

> I don't know if we're the only company on the planet that demands the
> https keys have a passcode to them but I've been having a heck of a time
> trying to find a good way to serve https using a key with a passphrase.
>
> err := ListenAndServeTLS(addr, certFile, keyFile string, handler Handler)
>
> If the keyFile has a passcode this doesn't work, and the examples I've
> seen take this one line and turn it into a much longer chunk of code.
>
> --
> You received this message because you are subscribed to the Google Groups
> "golang-nuts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to golang-nuts+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/golang-nuts/c75fc8f6-abe4-4614-8281-cef4cb315ac3n%40googlegroups.com
> <https://groups.google.com/d/msgid/golang-nuts/c75fc8f6-abe4-4614-8281-cef4cb315ac3n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>

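For reference, here is what the "much longer chunk of code" the reply alludes to actually looks like: decrypt the legacy-format encrypted PEM key with x509.DecryptPEMBlock, hand the result to tls.X509KeyPair, put the certificate in tls.Config, and call ListenAndServeTLS with empty file names. This is an added example, not code from either poster. The environment variable name TLS_KEY_PASSPHRASE, the :8443 listen address, the function names and the self-signed "localhost" key pair are assumptions made for the example; the key pair is constructed in-process so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
	"math/big"
	"net/http"
	"os"
	"time"
)

// LoadEncryptedKeyPair builds a tls.Certificate from a PEM certificate chain and
// a passphrase-protected PEM private key in the legacy OpenSSL format
// ("Proc-Type: 4,ENCRYPTED" / "DEK-Info:" headers, as written by
// `openssl genrsa -aes256` or `openssl ec -aes256`). Unencrypted keys are
// rejected on purpose: the loader is where a "keys must have a passphrase"
// policy can actually be enforced.
func LoadEncryptedKeyPair(certPEM, keyPEM, passphrase []byte) (tls.Certificate, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return tls.Certificate{}, errors.New("no PEM block found in key data")
	}
	if !x509.IsEncryptedPEMBlock(block) {
		return tls.Certificate{}, errors.New("private key is not passphrase-protected")
	}
	// x509.DecryptPEMBlock is deprecated: the legacy format has no integrity
	// protection, and a wrong passphrase is noticed only by the padding check,
	// so the failure may instead surface below as an unparseable key.
	der, err := x509.DecryptPEMBlock(block, passphrase)
	if err != nil {
		return tls.Certificate{}, fmt.Errorf("decrypt private key: %w", err)
	}
	plain := pem.EncodeToMemory(&pem.Block{Type: block.Type, Bytes: der})
	return tls.X509KeyPair(certPEM, plain)
}

// NewServer wires the decrypted key pair into an http.Server. Because the
// certificate is supplied through TLSConfig, the caller passes empty file
// names to ListenAndServeTLS instead of certFile/keyFile paths.
func NewServer(addr string, cert tls.Certificate, h http.Handler) *http.Server {
	return &http.Server{
		Addr:    addr,
		Handler: h,
		TLSConfig: &tls.Config{
			Certificates: []tls.Certificate{cert},
			MinVersion:   tls.VersionTLS12,
		},
	}
}

// NewEncryptedTestKeyPair is constructed sample input for this example: a
// throwaway self-signed ECDSA certificate for "localhost" and its private key,
// encrypted with the given passphrase. A real service would read both from disk.
func NewEncryptedTestKeyPair(passphrase []byte) (certPEM, keyPEM []byte, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	encBlock, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", keyDER, passphrase, x509.PEMCipherAES256)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM = pem.EncodeToMemory(encBlock)
	return certPEM, keyPEM, nil
}

func main() {
	// Assumed convention: the passphrase arrives in TLS_KEY_PASSPHRASE. The secret
	// to protect is now the process environment rather than the key file.
	pass := []byte(os.Getenv("TLS_KEY_PASSPHRASE"))
	if len(pass) == 0 {
		log.Fatal("TLS_KEY_PASSPHRASE is not set")
	}
	certPEM, keyPEM, err := NewEncryptedTestKeyPair(pass)
	if err != nil {
		log.Fatal(err)
	}
	cert, err := LoadEncryptedKeyPair(certPEM, keyPEM, pass)
	if err != nil {
		log.Fatal(err)
	}
	srv := NewServer(":8443", cert, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello over TLS")
	}))
	log.Fatal(srv.ListenAndServeTLS("", ""))
}
```

Run it with `TLS_KEY_PASSPHRASE=... go run .` and `curl -k https://localhost:8443/`. Note that this only relocates the secret, which is the reply's point: the passphrase is now readable from the process environment (for example via /proc/<pid>/environ by anyone with the same uid), and the legacy encrypted-PEM format has no integrity check, which is why x509.DecryptPEMBlock is marked deprecated. Fetching the decrypted key material from a secret manager at startup, as the reply suggests, removes both the file and the passphrase from the host.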