From 31a762a5cfcedbc744383ff0abaeb7731bfa85cf Mon Sep 17 00:00:00 2001
From: Stefan Bueringer <buringerst@vmware.com>
Date: Tue, 19 Aug 2025 09:54:33 +0200
Subject: [PATCH] Change crt permissions in KCP to 0600
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stefan Büringer buringerst@vmware.com
---
 util/secret/certificates.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/secret/certificates.go b/util/secret/certificates.go
index 8af1c12eecf3..ac1f76399d8f 100644
--- a/util/secret/certificates.go
+++ b/util/secret/certificates.go
@@ -393,7 +393,7 @@ func (c *Certificate) AsFiles() []bootstrapv1.File {
 		out = append(out, bootstrapv1.File{
 			Path:        c.CertFile,
 			Owner:       rootOwnerValue,
-			Permissions: "0640",
+			Permissions: "0600",
 			Content:     string(c.KeyPair.Cert),
 		})
 	}