From 1fd3ac5d3ae341f194f87e57a50817c8b965b0d6 Mon Sep 17 00:00:00 2001
From: Niall Sheridan <nsheridan@gmail.com>
Date: Thu, 2 Jun 2016 21:55:35 +0100
Subject: [PATCH] Set an expiry on keys added to the agent

---
 cmd/cashier/main.go | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/cmd/cashier/main.go b/cmd/cashier/main.go
index 768ebcdf..3a341085 100644
--- a/cmd/cashier/main.go
+++ b/cmd/cashier/main.go
@@ -31,10 +31,12 @@ var (
 )
 
 func installCert(a agent.Agent, cert *ssh.Certificate, key key) error {
+	lifetime := time.Unix(int64(cert.ValidBefore), 0).Sub(time.Now()).Seconds()
 	pubcert := agent.AddedKey{
-		PrivateKey:  key,
-		Certificate: cert,
-		Comment:     cert.KeyId,
+		PrivateKey:   key,
+		Certificate:  cert,
+		Comment:      cert.KeyId,
+		LifetimeSecs: uint32(lifetime),
 	}
 	if err := a.Add(pubcert); err != nil {
 		return fmt.Errorf("error importing certificate: %s", err)
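Review bot: The `uint32(lifetime)` conversion on the `LifetimeSecs` line is unchecked. A certificate that is already expired, or looks expired because of clock skew, gives a negative float64 whose conversion to uint32 is implementation-dependent in Go. A remaining lifetime under one second truncates to 0, which the agent treats as "no expiry", so the key can outlive the certificate it was issued with. A `ValidBefore` of `ssh.CertTimeInfinity` wraps to -1 through `int64(cert.ValidBefore)` and takes the same negative path, so it needs an explicit case if cashier is meant to accept such certificates. I would reject out-of-range values before building `pubcert`, for example `if lifetime < 1 || lifetime >= 1<<32 { return fmt.Errorf("certificate lifetime out of range: %.0fs", lifetime) }`; installCert's body continues past the end of the hunk.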
-- 
GitLab