Are user (actor) signing keys stored in cleartext on disk? #3247

I believe you're correct, but bear in mind that the repo signing keys are replaceable (e.g. via did:plc rotation keys) if they're ever compromised (and there's talk of rotating them on a more regular basis). Kinda like how your TLS private keys usually just sit on disk accessible by your httpd.

Answer selected by bnewbold