passphrases for CA and certificates

[luxus]

Is it possible set passphrases while creating certificates and CA's via the api?

[necheffa]

@luxus this is not currently a supported feature.

[luxus]

are there plans to implement it and is it hard/take a long time?

[necheffa]

I do not believe there is currently any ongoing work to add such a feature.

In terms of difficulty to implement: I wouldn't think it is super hard but it probably isn't a one-weekend project either.
The REST API itself is probably a trivial change. Where things get a little interesting would be goca.go, ca.go, and cert/cert.go; here you'd need to adjust a few function signatures to handle a password parameter and some additional branching to handle certs with passwords and certs without. Which in it of itself is just busy work. But designing for API compatibility would take a little thinking and you might also think about using a pre-allocated byte slice (rather than a string) to hold the password so the memory location could be overwritten after use which could add a wrinkle or two.

[kairoaraujo]

I think we can keep it open as a feature request.
Maybe someone can implement it in the future.