chore: Update create-secrets script to restrict file permissions

The create-secrets script has been updated to restrict file permissions to 400, ensuring that the secrets file is only accessible by the owner. This improves the security of the secrets stored in the file.
NethServer · Jun 17, 2024 · 19e551b · 19e551b
1 parent d04f677
commit 19e551b
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/imageroot/bin/create-secrets b/imageroot/bin/create-secrets
@@ -7,14 +7,16 @@
 
 set -e
 
-# restict to 400
-umask 266
+
 
 if [[ ! -d ~/.config/state/secrets ]]; then
     /usr/bin/mkdir -p ~/.config/state/secrets
 fi
 
+# restict to 400
+umask 266
+
 if [[ ! -f ~/.config/state/secrets/passwords.secret ]]; then
     password_postgres=$(/usr/bin/openssl rand -hex 20)
     /usr/bin/echo "POSTGRES_PASSWORD=$password_postgres" > ~/.config/state/secrets/passwords.secret
-fi
+fi