Rotate update keys | Tauri Apps | Page 1

wooden tiger Aug 9, 2023, 9:11 PM

#

Hi Tauri all stars!
Could someone point me to any documentation on rotating the signing keypair for updater? I haven't seen anything after a few searches.
I'm guessing the manual way of doing it would be to ship a version with the next keypair public key in tauri.conf.json, but sign it with the soon-to-deprecate keys.
Any other patterns I'm missing?

wooden tiger Aug 9, 2023, 11:45 PM

#

Assuming there's no other pattern, my suggestion would be making tauri.updater.pubkey a Vec instead of single option.

hushed bolt Aug 10, 2023, 8:20 AM

#

if you think this may be a valuable change then feel free to open a feature request on github

gentle axle Aug 10, 2023, 9:52 AM

#

I think its a good idea, and I recall speaking with @vast ice about this

vast ice Aug 10, 2023, 9:58 AM

#

this manual way of doing it is the only way to it right now

#

please open a feature request.. there's also security we should consider here

wooden tiger Aug 10, 2023, 2:57 PM

#

thank you, will do!

wooden tiger Aug 10, 2023, 3:14 PM

#

here: https://github.com/tauri-apps/tauri/issues/7585

GitHub

[feat] Rotating upgrade keypairs · Issue #7585 · tauri-apps/tauri

Describe the problem Key pairs for upgrades need to be rotated with some frequency. There is not out-of-the box way to transition keys. The only way to update a keypair which is used in a productio...

gentle axle Aug 10, 2023, 3:31 PM

#

awesome

#Rotate update keys