

# Unable to change access control for my private key on mac install
To follow along you can `brew install step` to get both (see full install instructions here). But I’ll be using two open source projects we built at smallstep in various demonstrations: the step CLI and step certificates.

An hour is a pretty small investment to learn something you literally can’t do any other way. I reckon most engineers can wrap their heads around all the most important concepts and common quirks in less than an hour. It’s just slightly annoying and poorly documented. No harder than learning a new language or database. Certificates are the best way to identify code and devices, and identity is super useful for security, monitoring, metrics, and a million other things. The math is complicated, and the standards are stupidly baroque, but the core concepts are actually quite simple. PKI is really powerful, and really interesting. Now that I have learned, I regret not doing so sooner. You can ignore everything about your network and still have strong security characteristics. It’s conceptually simple and super flexible. It works everywhere so bits of your system can run anywhere and communicate securely.

The obvious result was a vicious cycle: I was too embarrassed to ask questions so I never learned. Eventually I was forced to learn this stuff because of what it enables: PKI lets you define a system cryptographically. Personally, I avoided it for a long time and felt some shame for not knowing more. No shit, right? I know a lot of smart people who’ve avoided this particular rabbit hole. Certificates and public key infrastructure (PKI) are hard.
