Merge pull request #2042 from fluxcd/ecdsa-default

Set ECDSA as the default algorithm for `flux create source git`
Set ECDSA as the default algorithm for flux create source git
2026-03-08 21:36:56 +00:00 · 2021-11-02 17:42:49 +02:00 · 2021-11-02 17:21:10 +02:00 · 2021-11-02 17:15:57 +02:00 · 2021-11-02 16:49:17 +02:00 · 2021-11-02 16:22:16 +02:00
3 changed files with 3 additions and 3 deletions
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -140,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
-		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:         2048,
 		keyECDSACurve:      flags.ECDSACurve{Curve: elliptic.P384()},
 	}
--- a/cmd/flux/create_secret_git.go
+++ b/cmd/flux/create_secret_git.go
@@ -105,7 +105,7 @@ func init() {
 func NewSecretGitFlags() secretGitFlags {
 	return secretGitFlags{
-		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm: flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		rsaBits:      2048,
 		ecdsaCurve:   flags.ECDSACurve{Curve: elliptic.P384()},
 	}
--- a/cmd/flux/create_source_git.go
+++ b/cmd/flux/create_source_git.go
@@ -143,7 +143,7 @@ func init() {
 func newSourceGitFlags() sourceGitFlags {
 	return sourceGitFlags{
-		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:  flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:    2048,
 		keyECDSACurve: flags.ECDSACurve{Curve: elliptic.P384()},
 	}
Author	SHA1	Message	Date
Stefan Prodan	c2c64a70c4	Merge pull request #2042 from fluxcd/ecdsa-default Set ECDSA as the default algorithm for `flux create source git`	2021-11-02 17:42:49 +02:00
Stefan Prodan	4621576f40	Set ECDSA as the default algorithm for `flux create source git` Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-02 17:21:10 +02:00
Stefan Prodan	3b609e9b03	Merge pull request #2041 from fluxcd/bootstrap-ecdsa-default bootstrap: Set ECDSA as the default SSH key algorithm	2021-11-02 17:15:57 +02:00
Stefan Prodan	4f2ebd78be	Set ECDSA as the default algorithm for `flux create secret git` Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-02 16:49:17 +02:00
Stefan Prodan	88dacebc94	bootstrap: Set ECDSA as the default SSH key algorithm Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub https://github.blog/2021-09-01-improving-git-protocol-security-github/. Given this we are switching the default from RSA to ECDSA for `git`, `github` and `gitlab` variants of `flux bootstrap`. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-11-02 16:22:16 +02:00