diff --git a/synapse/_scripts/generate_signing_key.py b/synapse/_scripts/generate_signing_key.py
index dc0b853ed6..a329416495 100755
--- a/synapse/_scripts/generate_signing_key.py
+++ b/synapse/_scripts/generate_signing_key.py
@@ -19,6 +19,7 @@
#
#
import argparse
+import os
import sys
from signedjson.key import generate_signing_key, write_signing_keys
@@ -32,15 +33,21 @@ def main() -> None:
parser.add_argument(
"-o",
"--output_file",
- type=argparse.FileType("w"),
- default=sys.stdout,
+ type=str,
+ default="-",
help="Where to write the output to",
)
args = parser.parse_args()
key_id = "a_" + random_string(4)
key = (generate_signing_key(key_id),)
- write_signing_keys(args.output_file, key)
+ if args.output_file == "-":
+ write_signing_keys(sys.stdout, key)
+ else:
+ with open(
+ args.output_file, "w", opener=lambda p, f: os.open(p, f, mode=0o640)
+ ) as signing_key_file:
+ write_signing_keys(signing_key_file, key)
if __name__ == "__main__":
|
