
Allow SSL certificate to be stored in Passphrase
Open, Normal, Public

Description

We are currently using SSH key type passphrases: the description field to store the certificate and the private key goes in secret. It's not very practical as the description field is rendered with the newlines stripped on the passphrase page.

Event Timeline

swisspol raised the priority of this task from to Needs Triage.
swisspol updated the task description.
swisspol added a subscriber: swisspol.
chad triaged this task as Normal priority. Jul 4 2014, 5:32 AM
chad added a project: Passphrase.

Is this meaningfully different than T5398 ("block of text" credential type)? I can't think of very much we could usefully do by knowing that the credential is an SSL certificate.

I'm not sure how you plan to implement T5398, but if you wanted to properly store an SSL cert, you would really need these fields:

  • name (required)
  • description (optional)
  • cert (required)
  • cert chain (optional)
  • key (required and encrypted)

You could imagine calling OpenSSL to verify the cert too.
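An added example, not part of the thread and not Phabricator code: a label-level check of a credential record shaped like the field list above, which also flags private key material pasted into a field that is not encrypted. The record keys, function names and sample PEM blocks are assumptions constructed for illustration; it does not parse X.509, so an OpenSSL verification would still follow it.

```python
import base64
import re

# A PEM block: BEGIN and END labels must match, the body is base64.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def sample_pem(label, raw=b"constructed sample bytes"):
    """Build a constructed PEM block for the demo; not a real cert or key."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def pem_labels(text):
    """Return the label of each PEM block in text, or INVALID for a bad body."""
    labels = []
    for label, body in PEM_RE.findall(text or ""):
        try:
            ok = bool(base64.b64decode("".join(body.split()), validate=True))
        except ValueError:  # binascii.Error is a ValueError
            ok = False
        labels.append(label if ok else "INVALID")
    return labels

def validate_record(rec):
    """Check a hypothetical credential record against the proposed field list."""
    errors = []
    if not rec.get("name"):
        errors.append("name is required")
    if pem_labels(rec.get("cert")) != ["CERTIFICATE"]:
        errors.append("cert must hold exactly one CERTIFICATE block")
    chain = pem_labels(rec.get("chain"))
    if rec.get("chain") and (not chain or any(l != "CERTIFICATE" for l in chain)):
        errors.append("chain may hold only CERTIFICATE blocks")
    key = pem_labels(rec.get("key"))
    if len(key) != 1 or not key[0].endswith("PRIVATE KEY"):
        errors.append("key must hold exactly one private key block")
    # Only the key field is encrypted: key material anywhere else is exposed.
    for field in ("name", "description", "cert", "chain"):
        if any(l.endswith("PRIVATE KEY") for l in pem_labels(rec.get(field))):
            errors.append(f"{field} contains private key material")
    return errors

if __name__ == "__main__":
    record = {"name": "www", "cert": sample_pem("CERTIFICATE"),
              "description": sample_pem("RSA PRIVATE KEY"),  # misplaced key
              "key": sample_pem("PRIVATE KEY")}
    print(validate_record(record))
```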

swisspol: what we do, which could be a workaround for you, is to store the private key in secret, and upload the certificate via /file. Files have access control as well, so you can limit access to the certificate. Then the description in passkey is something like 'Download the certificate at Fxxxx'.