[Security] H2: SSL Bump Key Exposure Risk - Implement secure key wiping + tmpfs

## Priority
**High**

## Description
The SSL Bump feature generates a per-session CA private key stored on disk with file permissions as sole protection. This creates exposure windows during container escape scenarios where an attacker could access the private key.

## Impact
- **Severity**: High
- **Attack Vector**: Container escape could expose CA private key
- **Risk**: SSL interception, man-in-the-middle attacks

## Proposed Solution
1. Store SSL Bump CA keys in tmpfs (memory-only filesystem)
2. Implement secure key wiping when cleaning up
3. Minimize key lifetime and exposure window

## Effort Estimate
~4 hours

## References
- Source: Daily Security Review Discussion #228
- Related to SSL Bump feature implementation

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] H2: SSL Bump Key Exposure Risk - Implement secure key wiping + tmpfs #247

Priority

Description

Impact

Proposed Solution

Effort Estimate

References

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[Security] H2: SSL Bump Key Exposure Risk - Implement secure key wiping + tmpfs #247

Description

Priority

Description

Impact

Proposed Solution

Effort Estimate

References

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions