Why is there a private RSA key in this repository? #43
Comments
Very good point. I did this for convenience, but generating a key on startup is indeed a much better idea!
I have not looked into how this code works, as I don't personally use Docker for anything at the moment, but a friend mentioned this repository to me, and when I saw the `id_rsa` file, I couldn't help myself but create an issue. I can imagine no scenario where having an RSA private key in the wild for something that someone may use for production is a good idea. You mention in the readme:
Is that not bad security practice? I mean, in most situations when someone would use this, it's not going to be publicly accessible, but is that really a smart idea to have a default security key for anything in the first place? You even discourage people from setting up no authentication in the readme (and mention that it will log every event in that case):
Why not generate the key on setup? Many systems have the required system packages in place.
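One way to do what the issue asks, as an added example that is not code from this repository: an entrypoint helper that creates the RSA key on first start and reuses it afterwards. The names `ensure_private_key`, `key_fingerprint` and `KEY_PATH` are assumptions for the example, and it assumes the image has `ssh-keygen` and a `stat` that supports `-c` (GNU or BusyBox).

```shell
#!/bin/sh
# Added example: create the RSA private key on first start instead of
# shipping one in the image. All names here are chosen for the example.

ensure_private_key() {
    key_path=$1

    if [ -s "$key_path" ]; then
        # Reuse a key from an earlier start (e.g. on a mounted volume),
        # but refuse one that other users can read.
        mode=$(stat -c '%a' "$key_path") || return 1
        case "$mode" in
            600|400) return 0 ;;
        esac
        echo "refusing $key_path: mode $mode is too permissive" >&2
        return 1
    fi

    mkdir -p "$(dirname "$key_path")" || return 1
    # Clear an empty leftover so ssh-keygen does not stop to ask about overwriting.
    rm -f "$key_path" "$key_path.pub"
    # umask 077 in a subshell: the key file is created owner-only from the start.
    (
        umask 077
        ssh-keygen -q -t rsa -b 3072 -N '' -C 'generated at startup' -f "$key_path"
    )
}

# Fingerprint of the public half written by ssh-keygen, for logging or pinning.
key_fingerprint() {
    ssh-keygen -l -f "$1.pub" | awk '{print $2}'
}

# Entrypoint use: with KEY_PATH set, make sure the key exists, then run the
# container's real command.
if [ -n "${KEY_PATH:-}" ]; then
    ensure_private_key "$KEY_PATH" || exit 1
    echo "key fingerprint: $(key_fingerprint "$KEY_PATH")" >&2
    exec "$@"
fi
```

A key that was ever committed remains in the repository history, so it should be treated as public and replaced rather than only deleted.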