From 8b95e9f97ac7d2e8860fec4291e2237c21dc906c Mon Sep 17 00:00:00 2001
From: Angel Nunez Mencias <github@angelnu.com>
Date: Mon, 21 Mar 2022 10:46:09 +0100
Subject: [PATCH] crypto: open files in read-only mode for importing (#2536)

closes #2535
---
 authentik/crypto/tasks.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/authentik/crypto/tasks.py b/authentik/crypto/tasks.py
index 20b9e1ad1..54b329800 100644
--- a/authentik/crypto/tasks.py
+++ b/authentik/crypto/tasks.py
@@ -61,7 +61,7 @@ def certificate_discovery(self: MonitoredTask):
         else:
             cert_name = path.name.replace(path.suffix, "")
         try:
-            with open(path, "r+", encoding="utf-8") as _file:
+            with open(path, "r", encoding="utf-8") as _file:
                 body = _file.read()
                 if "PRIVATE KEY" in body:
                     private_keys[cert_name] = ensure_private_key_valid(body)