Step 23: TLS transport for sgardd and sgard client.

Server: --tls-cert/--tls-key flags enable TLS (min TLS 1.2).
Client: --tls enables TLS transport, --tls-ca for custom CA certs.
Two integration tests: push/pull over TLS, reject untrusted client.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 11:57:03 -07:00
parent c00d9c65c3
commit 3fabd86150
7 changed files with 329 additions and 19 deletions


@@ -237,12 +237,12 @@ Depends on Steps 17, 18.
### Step 23: TLS Transport for sgardd
- [ ] `cmd/sgardd/main.go`: add `--tls-cert`, `--tls-key` flags
- [ ] Server uses `credentials.NewTLS()` when cert/key provided, insecure otherwise
- [ ] Client: add `--tls` flag and `--tls-ca` for custom CA
- [ ] Update `cmd/sgard/main.go` and `dialRemote()` for TLS
- [ ] Tests: TLS connection with self-signed cert
- [ ] Update ARCHITECTURE.md and README.md
- [x] `cmd/sgardd/main.go`: add `--tls-cert`, `--tls-key` flags
- [x] Server uses `credentials.NewTLS()` when cert/key provided, insecure otherwise
- [x] Client: add `--tls` flag and `--tls-ca` for custom CA
- [x] Update `cmd/sgard/main.go` and `dialRemote()` for TLS
- [x] Tests: TLS connection with self-signed cert (push/pull cycle, reject untrusted client)
- [x] Update ARCHITECTURE.md and README.md
### Step 24: DEK Rotation
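Review bot: the completed item "Server uses `credentials.NewTLS()` when cert/key provided, insecure otherwise" records a silent plaintext fallback as finished work without noting how an operator is told about it; since a daemon started without `--tls-cert`/`--tls-key` will serve the same push/pull API unencrypted, the checklist (and the ARCHITECTURE.md/README.md item ticked below it) should state whether the server logs a warning or requires an explicit opt-in for the insecure mode, and should record the TLS 1.2 minimum the commit message mentions, which is otherwise absent from the plan. Separately, "reject untrusted client" in the ticked Tests item reads like mutual-TLS client-certificate verification, but the flags listed here (`--tls-cert`/`--tls-key` on the server, `--tls`/`--tls-ca` on the client) only provide server authentication; reword the item to say what the test actually exercises, e.g. "client with a CA that does not trust the server cert is rejected", so the plan does not overstate the guarantee.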