From 87607da685737fd30dbb4cdb19f8b764eed215e2 Mon Sep 17 00:00:00 2001
From: Tom Limoncelli <tlimoncelli@stackoverflow.com>
Date: Fri, 22 May 2020 10:26:22 -0400
Subject: [PATCH] 'get-certs' permissions too open (#745)

Fixes https://github.com/StackExchange/dnscontrol/issues/728
---
 pkg/acme/directoryStorage.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkg/acme/directoryStorage.go b/pkg/acme/directoryStorage.go
index c2e563650..0a1218b7b 100644
--- a/pkg/acme/directoryStorage.go
+++ b/pkg/acme/directoryStorage.go
@@ -34,8 +34,7 @@ func (d directoryStorage) accountKeyFile(acmeHost string) string {
 	return filepath.Join(d.accountDirectory(acmeHost), "account.key")
 }
 
-// TODO: probably lock these down more
-const perms os.FileMode = 0644
+const perms os.FileMode = 0600
 const dirPerms os.FileMode = 0700
 
 func (d directoryStorage) GetCertificate(name string) (*certificate.Resource, error) {