Python API Calls using CloudFlare API Shield

I’m creating an Open Source Python program that does API calls to my server. To help reduce attackers I decided to use CloudFlare API Shield. I created a Client Certificate using the CloudFlare dashboard. I copied the crt/key into the program and adjusted the `requests.get()` call to include the `cert=(crt, key)` files.
I tested it and it works great. I read the CloudFlare documentation and it only talks about the cert/key in IoT devices or mobile applications.
The program I’m creating is open source and will be on GitHub. Including the crt/key in the program seems to be a huge security hole. Anyone could grab the crt/key and attack the server, making the CloudFlare API Shield moot.
I’m new to crt/key. I’m working on understanding how this all works. Please excuse me if I am missing something.
Is the API Shield only a feature for IoT devices and mobile apps? Not something that should be used in open-source software?
I spoke to a Python developer on Discord and he/she stated that the program should generate the crt/key and that the key be transferred to CloudFlare. That makes sense, but I don’t see a feature to be able to do this. Plus, if the program becomes even semi-popular that would be a lot of certificates to manage. Can anyone shed more light on the correct way (if at all possible) to use CloudFlare API Shield in an open-source Python program? Thank you in advance for your time in helping me. PS. Please excuse any spelling or grammar errors. I was born with severe dyslexia.
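One way to structure the `requests.get(cert=...)` call the post describes so that no credential ships in the repository: each installation loads its own cert/key from a per-user config directory or environment variables, and the private key's file permissions are checked before it is used. This is an added example, not code from the original post; the app name `myapi`, the `MYAPI_CLIENT_CERT`/`MYAPI_CLIENT_KEY` variable names and the config path are assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical app name; credentials live in a per-user config directory, never in the repo.
DEFAULT_CERT_DIR = Path.home() / ".config" / "myapi"


class ClientCertError(RuntimeError):
    """The per-installation client certificate is missing or unsafe to use."""


def resolve_client_cert(cert_dir=None, env=None):
    """Return (cert_path, key_path) for THIS installation's mTLS credential.

    Hypothetical env vars MYAPI_CLIENT_CERT / MYAPI_CLIENT_KEY override the
    files in cert_dir. Raises ClientCertError instead of silently falling back
    to anything shipped with the source code."""
    env = os.environ if env is None else env
    cert_dir = Path(cert_dir) if cert_dir else DEFAULT_CERT_DIR
    cert = Path(env.get("MYAPI_CLIENT_CERT", cert_dir / "client.crt"))
    key = Path(env.get("MYAPI_CLIENT_KEY", cert_dir / "client.key"))
    for path in (cert, key):
        if not path.is_file():
            raise ClientCertError(f"missing client credential: {path}")
    mode = stat.S_IMODE(key.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):  # other local users could read the key
        raise ClientCertError(f"{key} is group/world readable (mode {mode:04o})")
    return str(cert), str(key)


def get_with_client_cert(url, cert_dir=None, timeout=10):
    """Call the API with the installation's certificate (requires `requests`)."""
    import requests  # imported here so the module loads without requests installed
    response = requests.get(url, cert=resolve_client_cert(cert_dir), timeout=timeout)
    response.raise_for_status()
    return response


def make_placeholder_credentials(key_mode=0o600):
    """Constructed test fixture: write placeholder (not real PEM) files into a
    fresh temp dir with the given key mode and return the directory."""
    cert_dir = Path(tempfile.mkdtemp())
    (cert_dir / "client.crt").write_text("placeholder certificate\n")
    key = cert_dir / "client.key"
    key.write_text("placeholder private key\n")
    os.chmod(key, key_mode)
    return cert_dir
```

Issuing one certificate per installation (rather than one shared in the source) is what makes the permission check and the per-user path meaningful; a leaked key then only affects that one install.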
