From a6f01974603f0a3ef1ffa435077979daa86557f5 Mon Sep 17 00:00:00 2001
From: Adam Miller
Date: Thu, 30 Mar 2017 21:31:36 +0000
Subject: [PATCH] make certs for push-docker role more restricted access

Signed-off-by: Adam Miller
---
 roles/push-docker/tasks/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/push-docker/tasks/main.yml b/roles/push-docker/tasks/main.yml
index 9baad7f168..ed7025337a 100644
--- a/roles/push-docker/tasks/main.yml
+++ b/roles/push-docker/tasks/main.yml
@@ -13,11 +13,15 @@
 copy:
 src: "{{private}}/files/koji/{{docker_cert_name}}.cert.pem"
 dest: "{{docker_cert_dir}}/client.cert"
+ owner: root
+ mode: 0600

 - name: install docker client key for registry
 copy:
 src: "{{private}}/files/koji/{{docker_cert_name}}.key.pem"
 dest: "{{docker_cert_dir}}/client.key"
+ owner: root
+ mode: 0600

 - name: start and enable docker
 service: name=docker state=started enabled=yes
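Review bot: `mode: 0600` in both copy tasks is an unquoted scalar, so the resulting permission bits depend on the YAML loader reading the leading zero as octal; writing `mode: "0600"` for `client.cert` and `client.key` keeps the value a string and avoids a silently wrong mode if the zero is ever dropped. The key task would also benefit from `no_log: true`, because a run with `--diff` can otherwise print the private key contents into the play output when the file changes. Tightening the mode does not undo earlier exposure: if `client.key` was previously deployed with a broader default mode (presumably umask-derived), it may be worth treating the key as having been readable by local users until this change. The first task's `- name:` line and any task that sets up `{{docker_cert_dir}}` lie outside the hunk, so the directory's own ownership and mode cannot be checked from here.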