gristlabs_grist-core/docker-compose-examples/grist-traefik-oidc-auth/generateSecureSecrets.sh

33 lines
1.4 KiB
Bash
Raw Normal View History

# Helper script to securely generate random secrets for Authelia.
SCRIPT_DIR=$(dirname $0)
# Copy over template files to final locations
cp -R "$SCRIPT_DIR/secrets_template" "$SCRIPT_DIR/secrets"
cp "$SCRIPT_DIR/env-template" "$SCRIPT_DIR/.env"
# Parses an Aurelia generated secret for the value
function getSecret {
cut -d ":" -f 2 <<< "$1" | tr -d '[:blank:]'
}
function generateSecureString {
getSecret "$(docker run authelia/authelia:4 authelia crypto rand --charset=rfc3986 --length="$1")"
}
generateSecureString 128 > "$SCRIPT_DIR/secrets/HMAC_SECRET"
generateSecureString 128 > "$SCRIPT_DIR/secrets/JWT_SECRET"
generateSecureString 128 > "$SCRIPT_DIR/secrets/SESSION_SECRET"
generateSecureString 128 > "$SCRIPT_DIR/secrets/STORAGE_ENCRYPTION_KEY"
# Generates the OIDC secret key for the Grist client
CLIENT_SECRET_OUTPUT="$(docker run authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986)"
CLIENT_SECRET=$(getSecret "$(grep 'Password' <<< $CLIENT_SECRET_OUTPUT)")
sed -i "/GRIST_CLIENT_SECRET=$/d" "$SCRIPT_DIR/.env"
echo "GRIST_CLIENT_SECRET=$CLIENT_SECRET" >> "$SCRIPT_DIR/.env"
getSecret "$(grep 'Digest' <<< $CLIENT_SECRET_OUTPUT)" >> "$SCRIPT_DIR/secrets/GRIST_CLIENT_SECRET_DIGEST"
# Generate JWT certificates Authelia needs for OIDC
docker run -v ./secrets/certs:/certs authelia/authelia:4 authelia crypto certificate rsa generate -d /certs