- Update vault.example.yml with the current secret structure
- Enhance gen-auth-secrets.sh for improved OIDC client generation
#!/usr/bin/env bash
#
# gen-auth-secrets.sh — generate a fresh set of LLDAP / Authelia / vault
# secrets and print them as one YAML document on stdout.
#
# Every value is drawn anew from openssl on each run, so re-running the
# script produces a completely new set of credentials. Redirect the output
# into a file created under a restrictive umask: it holds live secrets.
#
# Requires: bash, openssl (rand, genpkey)

# errexit / nounset / pipefail: abort on any failed command, unset variable
# or failing pipeline stage.
set -o errexit -o nounset -o pipefail
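#######################################
# Print N cryptographically random bytes as lower-case hex (2N characters),
# drawn from openssl's CSPRNG.
# Arguments: $1 - number of random bytes to draw (positive integer)
# Outputs:   hex string on stdout
# Returns:   0 on success; 1 on a missing/invalid byte count or if openssl fails
#######################################
rand_hex() {
  local bytes="${1:-}"
  # Reject empty, non-numeric and zero counts up front: openssl would
  # otherwise fail with an unhelpful message, or for 0 happily print an
  # empty string that would end up as an empty secret in the output.
  if [[ ! "$bytes" =~ ^[1-9][0-9]*$ ]]; then
    printf 'rand_hex: expected a positive byte count, got %q\n' "$bytes" >&2
    return 1
  fi
  openssl rand -hex "$bytes"
}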
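# Fail early with a clear message rather than a "command not found" buried
# inside the first command substitution below.
if ! command -v openssl >/dev/null 2>&1; then
  printf 'error: openssl is required but was not found on PATH\n' >&2
  exit 1
fi

# rand_hex N draws N random bytes and prints them as 2N hex characters.
# Hex output is limited to [0-9a-f], so the values can be placed inside the
# double-quoted YAML scalars below without any escaping.
LLDAP_ADMIN_PASSWORD=$(rand_hex 16)   # 128-bit
LLDAP_JWT_SECRET=$(rand_hex 32)       # 256-bit
LLDAP_KEY_SEED=$(rand_hex 32)

AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET=$(rand_hex 32)
AUTHELIA_SESSION_SECRET=$(rand_hex 32)
AUTHELIA_STORAGE_ENCRYPTION_KEY=$(rand_hex 32)
AUTHELIA_OIDC_HMAC_SECRET=$(rand_hex 32)

# Per-client OIDC secrets (160-bit): the plaintext value each relying party
# is configured with.
AUTHELIA_OIDC_GRAFANA_CLIENT_SECRET=$(rand_hex 20)
AUTHELIA_OIDC_FORGEJO_CLIENT_SECRET=$(rand_hex 20)

VAULT_DEPLOY_TOKEN=$(rand_hex 32)

# RSA-2048 private key for the OIDC provider, PEM-encoded on stdout.
# openssl's stderr is discarded because some versions print key-generation
# progress there; the exit status and the PEM-shape check below stand in
# for it, so a failure is reported instead of silently exiting under -e.
if ! OIDC_PRIVATE_KEY_PEM=$(openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null); then
  printf 'error: openssl genpkey failed to generate the OIDC private key\n' >&2
  exit 1
fi
if [[ "$OIDC_PRIVATE_KEY_PEM" != "-----BEGIN "* ]]; then
  printf 'error: openssl genpkey did not produce a PEM block\n' >&2
  exit 1
fi

# Indent the PEM so it nests under the YAML block scalar ('|') below.
# Done outside the heredoc so that a failure of this pipeline aborts the
# script (errexit + pipefail) instead of emitting a truncated key.
OIDC_PRIVATE_KEY_PEM_YAML=$(printf '%s\n' "$OIDC_PRIVATE_KEY_PEM" | sed 's/^/  /')

cat <<EOF
---
LLDAP_ADMIN_PASSWORD: "${LLDAP_ADMIN_PASSWORD}"
LLDAP_JWT_SECRET: "${LLDAP_JWT_SECRET}"
LLDAP_KEY_SEED: "${LLDAP_KEY_SEED}"
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET: "${AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET}"
AUTHELIA_SESSION_SECRET: "${AUTHELIA_SESSION_SECRET}"
AUTHELIA_STORAGE_ENCRYPTION_KEY: "${AUTHELIA_STORAGE_ENCRYPTION_KEY}"
AUTHELIA_OIDC_HMAC_SECRET: "${AUTHELIA_OIDC_HMAC_SECRET}"
AUTHELIA_OIDC_PRIVATE_KEY_PEM: |
${OIDC_PRIVATE_KEY_PEM_YAML}
AUTHELIA_OIDC_GRAFANA_CLIENT_SECRET: "${AUTHELIA_OIDC_GRAFANA_CLIENT_SECRET}"
AUTHELIA_OIDC_FORGEJO_CLIENT_SECRET: "${AUTHELIA_OIDC_FORGEJO_CLIENT_SECRET}"
VAULT_DEPLOY_TOKEN: "${VAULT_DEPLOY_TOKEN}"
EOF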