From 40079f3be66dd2df021cb97e6418b1a41cf05abd Mon Sep 17 00:00:00 2001
From: Jack Ivanov <e601809@gmail.com>
Date: Sat, 14 Jan 2017 19:24:23 +0300
Subject: [PATCH] Delete the CA key

---
 algo       |  6 ++++++
 deploy.yml | 11 ++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/algo b/algo
index 4b1c5126..9d040358 100755
--- a/algo
+++ b/algo
@@ -50,6 +50,12 @@ Do you want the VPN to support Windows 10 clients? (requires RSA certificates an
 Win10_Enabled=${Win10_Enabled:-n}
 if [[ "$Win10_Enabled" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" Win10_Enabled=Y"; fi
 
+read -p "
+Do you want to delete the CA key? (if you choose 'yes', you cannot update users)
+[Y/n]: " -r Delete_CAKEY
+Delete_CAKEY=${Delete_CAKEY:-y}
+if [[ "$Delete_CAKEY" =~ ^(y|Y)$ ]]; then EXTRA_VARS+=" Delete_CAKEY=Y"; fi
+
 }
 
 deploy () {
diff --git a/deploy.yml b/deploy.yml
index 75d2063e..08303fb3 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -64,8 +64,17 @@
     - debug: msg="{{ additional_information.split('\n') }}"
       tags: cloud
 
-    - name: Save the CA key
+    - name: Save the CA key password
       local_action: >
         shell echo "{{ easyrsa_CA_password }}" > /tmp/ca_password
       become: no
       tags: tests
+
+    - name: Delete the CA key
+      local_action:
+        module: file
+        path: "configs/{{ IP_subject_alt_name }}/pki/private/cakey.pem"
+        state: absent
+      become: no
+      tags: always
+      when: Delete_CAKEY is defined and Delete_CAKEY == "Y"