mix clearbank.gen.keys (ClearBank v1.0.0)

Copy Markdown View Source

Generates an RSA 2048-bit key pair suitable for ClearBank API authentication.

Usage

mix clearbank.gen.keys

# Custom output directory
mix clearbank.gen.keys --dir priv/certs

# Custom filenames
mix clearbank.gen.keys --private private.pem --public public.pem

# Generate CSR for upload to ClearBank Portal
mix clearbank.gen.keys --csr --common-name "My Institution"

Output files

By default, writes to priv/clearbank/:

  • private_key.pem — keep secret, store in HSM in production
  • public_key.pem — extracted public key
  • clearbank.csr — Certificate Signing Request (if --csr flag used)

Security

  • Never commit private_key.pem to version control
  • In production, the private key must reside in a FIPS 140-2 level 2 compliant HSM
  • In simulation, any RSA 2048-bit key pair is acceptable

Next steps

  1. Upload clearbank.csr to the ClearBank Portal under Institution > Certificates and Tokens > Generate API Token

  2. Copy the API token (shown only once)

  3. Configure in config/runtime.exs:

    config :clearbank,
  api_token: System.fetch_env!("CLEARBANK_API_TOKEN"),
  private_key_path: System.fetch_env!("CLEARBANK_PRIVATE_KEY_PATH")

Summary

Functions

run(args)

Callback implementation for Mix.Task.run/1.

Functions

run(args)

@spec run([String.t()]) :: :ok

Callback implementation for Mix.Task.run/1.