From 88dacebc94cd6832b1c0bb52ec83229980cba422 Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Tue, 2 Nov 2021 16:22:16 +0200
Subject: [PATCH] bootstrap: Set ECDSA as the default SSH key algorithm
 Motivation: RSA SHA-1 SSH keys are no longer accepted by GitHub
 https://github.blog/2021-09-01-improving-git-protocol-security-github/. Given
 this we are switching the default from RSA to ECDSA for `git`, `github` and
 `gitlab` variants of `flux bootstrap`.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 cmd/flux/bootstrap.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go
index 5b0eb405..278da91a 100644
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -140,7 +140,7 @@ func NewBootstrapFlags() bootstrapFlags {
 	return bootstrapFlags{
 		logLevel:           flags.LogLevel(rootArgs.defaults.LogLevel),
 		requiredComponents: []string{"source-controller", "kustomize-controller"},
-		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.RSAPrivateKeyAlgorithm),
+		keyAlgorithm:       flags.PublicKeyAlgorithm(sourcesecret.ECDSAPrivateKeyAlgorithm),
 		keyRSABits:         2048,
 		keyECDSACurve:      flags.ECDSACurve{Curve: elliptic.P384()},
 	}
-- 
GitLab