disallow http keys

flyingcircusio · Sep 12, 2023 · 8e51f76 · 8e51f76
1 parent 1372ae3
commit 8e51f76
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/batou/secrets/__init__.py b/src/batou/secrets/__init__.py
@@ -489,6 +489,9 @@ def process_age_recipients(members, environment_path):
             # and add it to the key meta file
             if key.startswith("http://"):
                 print("WARNING: Downloading public keys over http is insecure!")
+                raise ValueError(
+                    "Downloading public keys over http is insecure!"
+                )
             key_meta_file_content += f"# ssh key file from {key}\n"
             if debug:
                 print(f"Downloading key file from `{key}`")