88 lines
2.4 KiB
Bash
88 lines
2.4 KiB
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
# Colors for output
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
RED='\033[0;31m'
|
|
NC='\033[0m' # No Color
|
|
|
|
log_info() {
|
|
echo -e "${GREEN}[INFO]${NC} $1"
|
|
}
|
|
|
|
log_warn() {
|
|
echo -e "${YELLOW}[WARN]${NC} $1"
|
|
}
|
|
|
|
log_error() {
|
|
echo -e "${RED}[ERROR]${NC} $1"
|
|
}
|
|
|
|
log_header() {
|
|
echo -e "${BLUE}$1${NC}"
|
|
}
|
|
|
|
# Function to generate secure random string (alphanumeric only)
|
|
generate_secret() {
|
|
local length=${1:-32}
|
|
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w "$length" | head -n 1
|
|
}
|
|
|
|
ENV_FILE=".env"
|
|
|
|
log_header "Taiga Secrets Generator (Alternative Method)"
|
|
echo "=============================================="
|
|
|
|
# Check if .env file exists
|
|
if [[ ! -f "$ENV_FILE" ]]; then
|
|
log_error ".env file not found! Please create it first."
|
|
exit 1
|
|
fi
|
|
|
|
# Create backup
|
|
log_info "Creating backup of .env file..."
|
|
cp "$ENV_FILE" "${ENV_FILE}.backup.$(date +%Y%m%d_%H%M%S)"
|
|
|
|
# Generate secrets
|
|
log_info "Generating secure secrets..."
|
|
|
|
SECRET_KEY=$(generate_secret 50)
|
|
DB_PASSWORD=$(generate_secret 32)
|
|
RABBITMQ_PASSWORD=$(generate_secret 32)
|
|
ERLANG_COOKIE=$(generate_secret 20)
|
|
|
|
# Create new .env file using awk (more robust than sed)
|
|
log_info "Updating .env file with new secrets..."
|
|
|
|
awk -v secret_key="$SECRET_KEY" \
|
|
-v db_password="$DB_PASSWORD" \
|
|
-v rabbitmq_password="$RABBITMQ_PASSWORD" \
|
|
-v erlang_cookie="$ERLANG_COOKIE" '
|
|
{
|
|
if ($0 ~ /^SECRET_KEY="CHANGE_ME_TO_SECURE_SECRET_KEY"/) {
|
|
print "SECRET_KEY=\"" secret_key "\""
|
|
} else if ($0 ~ /^POSTGRES_PASSWORD=CHANGE_ME_TO_SECURE_DB_PASSWORD/) {
|
|
print "POSTGRES_PASSWORD=" db_password
|
|
} else if ($0 ~ /^RABBITMQ_PASS=CHANGE_ME_TO_SECURE_RABBITMQ_PASSWORD/) {
|
|
print "RABBITMQ_PASS=" rabbitmq_password
|
|
} else if ($0 ~ /^RABBITMQ_ERLANG_COOKIE=CHANGE_ME_TO_SECURE_ERLANG_COOKIE/) {
|
|
print "RABBITMQ_ERLANG_COOKIE=" erlang_cookie
|
|
} else {
|
|
print $0
|
|
}
|
|
}' "$ENV_FILE" > "${ENV_FILE}.tmp" && mv "${ENV_FILE}.tmp" "$ENV_FILE"
|
|
|
|
log_info "Secrets generated and updated successfully!"
|
|
echo ""
|
|
log_warn "IMPORTANT: Keep these credentials secure!"
|
|
echo "- SECRET_KEY: $SECRET_KEY (50 chars)"
|
|
echo "- POSTGRES_PASSWORD: $DB_PASSWORD (32 chars)"
|
|
echo "- RABBITMQ_PASS: $RABBITMQ_PASSWORD (32 chars)"
|
|
echo "- RABBITMQ_ERLANG_COOKIE: $ERLANG_COOKIE (20 chars)"
|
|
echo ""
|
|
log_info "Original .env file backed up."
|
|
echo ""
|
|
log_warn "Next step: Review EMAIL settings in .env if you want to configure SMTP"
|