ai-tax-agent/scripts/generate-production-secrets.sh
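#!/bin/bash
# Generate strong secrets for the production environment.
#
# Replaces every CHANGE_ME_* placeholder in the production env file with a
# freshly generated random value, keeps a backup of the original file and
# prints the few credentials an operator needs for the first login.
#
# Usage:    scripts/generate-production-secrets.sh   (run from the repository root)
# Env:      ENV_FILE - env file to populate (default: infra/compose/.env.production)
# Requires: openssl, perl
#
# -e aborts on the first failing command, -u makes unset variables an error and
# pipefail stops a failing openssl inside "openssl | tr | cut" from being hidden
# behind the exit status of the last pipeline stage (which would otherwise let
# an empty secret be written into the env file).
set -euo pipefail

ENV_FILE="${ENV_FILE:-infra/compose/.env.production}"

# Fail early and loudly if a prerequisite is missing, rather than part-way
# through editing the env file.
for tool in openssl perl; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "❌ Error: required tool '$tool' not found in PATH" >&2
    exit 1
  fi
done

if [ ! -f "$ENV_FILE" ]; then
  echo "❌ Error: $ENV_FILE not found (run this script from the repository root or set ENV_FILE)" >&2
  exit 1
fi
echo "🔐 Generating strong secrets for production..."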
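# Generate a strong password: alphanumeric only, so the value can be pasted
# into .env files, URLs and connection strings without any quoting.
# Arguments: $1 - length in characters (default 32)
# Outputs:   the password on stdout
# Returns:   0 on success, 1 if openssl is missing or produced no output
#
# Every 3 random bytes become 4 base64 characters, so after dropping '+', '/'
# and '=' there are normally more than $len characters left. A run that strips
# too many is still possible, so keep appending until the requested length is
# reached instead of silently emitting a shorter (weaker) password.
generate_password() {
  local len=${1:-32}
  local password=""
  local chunk
  while [ "${#password}" -lt "$len" ]; do
    chunk=$(openssl rand -base64 "$len" | tr -d '=+/\n')
    # The pipeline's status is tr's, not openssl's: an empty chunk is the only
    # reliable sign that openssl failed or is not installed.
    if [ -z "$chunk" ]; then
      echo "generate_password: openssl produced no output" >&2
      return 1
    fi
    password="$password$chunk"
  done
  printf '%s\n' "${password:0:$len}"
}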
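# Generate a random hex token.
# Arguments: $1 - number of random bytes (default 32, i.e. 64 hex characters)
# Outputs:   the token on stdout
# Returns:   openssl's exit status (non-zero if it is missing or fails), which
#            the top-level "VAR=$(generate_hex_token)" assignments turn into an
#            abort under set -e
generate_hex_token() {
  local nbytes=${1:-32}
  openssl rand -hex "$nbytes"
}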
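# Generate all secrets. Each variable maps to exactly one CHANGE_ME_*
# placeholder in the replacement list further down.
POSTGRES_PASSWORD=$(generate_password)
NEO4J_PASSWORD=$(generate_password)
AUTHENTIK_DB_PASSWORD=$(generate_password)
MINIO_ROOT_PASSWORD=$(generate_password)
MINIO_SECRET_KEY=$(generate_password)
VAULT_ROOT_TOKEN=$(generate_hex_token)
AUTHENTIK_SECRET_KEY=$(generate_password)
AUTHENTIK_OUTPOST_TOKEN=$(generate_hex_token)
ADMIN_PASSWORD=$(generate_password)
GRAFANA_PASSWORD=$(generate_password)
GRAFANA_OAUTH_SECRET=$(generate_password)
API_CLIENT_SECRET=$(generate_password)
UI_REVIEW_CLIENT_SECRET=$(generate_password)
GRAFANA_CLIENT_SECRET=$(generate_password)
MINIO_CLIENT_SECRET=$(generate_password)
VAULT_CLIENT_SECRET=$(generate_password)
NEXTAUTH_SECRET=$(generate_password)

# Refuse to run against a file whose placeholders are already gone: a second
# run would replace nothing but still print brand-new credentials that were
# never written anywhere, and the operator would save the wrong ones.
if ! grep -q 'CHANGE_ME_' "$ENV_FILE"; then
  echo "❌ Error: no CHANGE_ME_* placeholders found in $ENV_FILE (secrets already generated?)" >&2
  exit 1
fi

# Create a backup of the pre-generation file. It normally holds only
# placeholders, but it sits next to the live secrets, so keep it owner-only.
cp "$ENV_FILE" "$ENV_FILE.backup"
chmod 600 "$ENV_FILE.backup"

# Replace every occurrence of one placeholder with its secret, in place.
# Globals:   ENV_FILE (read; the file is rewritten)
# Arguments: $1 - placeholder string, $2 - secret value
# The values are handed to perl through the environment instead of being
# spliced into the -e program: the secret stays out of the process argument
# list, and perl never parses it as a regex or as interpolated code (\Q..\E
# also makes the placeholder literal). perl is used rather than sed -i because
# its in-place flag behaves the same on macOS and Linux.
replace_placeholder() {
  local placeholder=$1
  local value=$2
  PLACEHOLDER="$placeholder" SECRET="$value" \
    perl -i -pe 's/\Q$ENV{PLACEHOLDER}\E/$ENV{SECRET}/g' "$ENV_FILE"
}

replace_placeholder CHANGE_ME_STRONG_PASSWORD_1 "$POSTGRES_PASSWORD"
replace_placeholder CHANGE_ME_STRONG_PASSWORD_2 "$NEO4J_PASSWORD"
replace_placeholder CHANGE_ME_STRONG_PASSWORD_3 "$AUTHENTIK_DB_PASSWORD"
replace_placeholder CHANGE_ME_STRONG_PASSWORD_4 "$MINIO_ROOT_PASSWORD"
replace_placeholder CHANGE_ME_STRONG_PASSWORD_5 "$MINIO_SECRET_KEY"
replace_placeholder CHANGE_ME_VAULT_ROOT_TOKEN "$VAULT_ROOT_TOKEN"
replace_placeholder CHANGE_ME_AUTHENTIK_SECRET_KEY "$AUTHENTIK_SECRET_KEY"
replace_placeholder CHANGE_ME_AUTHENTIK_OUTPOST_TOKEN "$AUTHENTIK_OUTPOST_TOKEN"
replace_placeholder CHANGE_ME_ADMIN_PASSWORD "$ADMIN_PASSWORD"
replace_placeholder CHANGE_ME_GRAFANA_PASSWORD "$GRAFANA_PASSWORD"
replace_placeholder CHANGE_ME_GRAFANA_OAUTH_SECRET "$GRAFANA_OAUTH_SECRET"
replace_placeholder CHANGE_ME_API_CLIENT_SECRET "$API_CLIENT_SECRET"
replace_placeholder CHANGE_ME_UI_REVIEW_CLIENT_SECRET "$UI_REVIEW_CLIENT_SECRET"
replace_placeholder CHANGE_ME_GRAFANA_CLIENT_SECRET "$GRAFANA_CLIENT_SECRET"
replace_placeholder CHANGE_ME_MINIO_CLIENT_SECRET "$MINIO_CLIENT_SECRET"
replace_placeholder CHANGE_ME_VAULT_CLIENT_SECRET "$VAULT_CLIENT_SECRET"
replace_placeholder CHANGE_ME_NEXTAUTH_SECRET "$NEXTAUTH_SECRET"

# The env file now holds live credentials: make it owner-only regardless of
# the mode the template was checked out with.
chmod 600 "$ENV_FILE"

# Every placeholder this script knows about should be gone now. A survivor
# means a CHANGE_ME_* entry was added to the template without a matching
# replace_placeholder line above, and would ship to production as-is.
if grep -q 'CHANGE_ME_' "$ENV_FILE"; then
  echo "⚠️ Warning: unreplaced placeholders remain in $ENV_FILE:" >&2
  grep -o 'CHANGE_ME_[A-Z0-9_]*' "$ENV_FILE" | sort -u >&2
fi

echo "✅ Secrets generated successfully!"
echo ""
echo "📝 Important credentials (save these securely!):"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Admin Email: admin@harkon.co.uk"
echo "Admin Password: $ADMIN_PASSWORD"
echo "Vault Root Token: $VAULT_ROOT_TOKEN"
echo "Grafana Password: $GRAFANA_PASSWORD"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "⚠️ IMPORTANT:"
echo "1. Save these credentials in a password manager"
echo "2. The .env.production file contains all secrets"
echo "3. Never commit .env.production to git"
echo "4. A backup was created at $ENV_FILE.backup"
echo ""
echo "🔒 To view all secrets: cat $ENV_FILE"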