From 28e4c55785246f99706ca9bb07a95b89ddd74c00 Mon Sep 17 00:00:00 2001
From: Fernandez Ludovic <lfernandez.dev@gmail.com>
Date: Tue, 14 May 2019 11:10:14 +0200
Subject: [PATCH] fix: restrict private file permissions.

---
 dumper/dumper.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dumper/dumper.go b/dumper/dumper.go
index 066f151..af63a78 100644
--- a/dumper/dumper.go
+++ b/dumper/dumper.go
@@ -40,7 +40,7 @@ func Dump(data *StoredData, baseConfig *BaseConfig) error {
 	}
 
 	privateKeyPem := extractPEMPrivateKey(data.Account)
-	err := ioutil.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0666)
+	err := ioutil.WriteFile(filepath.Join(baseConfig.DumpPath, keysSubDir, "letsencrypt"+baseConfig.KeyInfo.Ext), privateKeyPem, 0600)
 	if err != nil {
 		return err
 	}
@@ -81,7 +81,7 @@ func writeKey(dumpPath string, cert *Certificate, info FileInfo, domainSubDir bo
 		}
 	}
 
-	return ioutil.WriteFile(keyPath, cert.Key, 0666)
+	return ioutil.WriteFile(keyPath, cert.Key, 0600)
 }
 
 func extractPEMPrivateKey(account *Account) []byte {