2024-07-24 01:16:22 +00:00
|
|
|
# Helper script to securely generate random secrets for Authelia.
|
|
|
|
|
|
|
|
|
|
SCRIPT_DIR=$(dirname $0)
|
|
|
|
|
|
2024-07-26 14:57:46 +00:00
|
|
|
function getSecret {
|
|
|
|
|
cut -d ":" -f 2 <<< "$1" | tr -d '[:blank:]'
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-24 01:16:22 +00:00
|
|
|
function generateSecureString {
|
2024-07-26 14:57:46 +00:00
|
|
|
getSecret "$(docker run authelia/authelia:4 authelia crypto rand --charset=rfc3986 --length="$1")"
|
2024-07-24 01:16:22 +00:00
|
|
|
}
|
|
|
|
|
|
2024-07-26 14:57:46 +00:00
|
|
|
generateSecureString 128 > "$SCRIPT_DIR/secrets/HMAC_SECRET"
|
|
|
|
|
generateSecureString 128 > "$SCRIPT_DIR/secrets/JWT_SECRET"
|
|
|
|
|
generateSecureString 128 > "$SCRIPT_DIR/secrets/SESSION_SECRET"
|
|
|
|
|
generateSecureString 128 > "$SCRIPT_DIR/secrets/STORAGE_ENCRYPTION_KEY"
|
|
|
|
|
|
|
|
|
|
# Generates the OIDC secret key for the Grist client
|
|
|
|
|
CLIENT_SECRET_OUTPUT="$(docker run authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986)"
|
|
|
|
|
CLIENT_SECRET=$(getSecret "$(grep 'Password' <<< $CLIENT_SECRET_OUTPUT)")
|
|
|
|
|
echo "GRIST_CLIENT_SECRET=$CLIENT_SECRET" >> "$SCRIPT_DIR/.env"
|
|
|
|
|
getSecret "$(grep 'Digest' <<< $CLIENT_SECRET_OUTPUT)" >> "$SCRIPT_DIR/secrets/GRIST_CLIENT_SECRET_DIGEST"
|
|
|
|
|
|
|
|
|
|
# Generate JWT certificates Authelia needs for OIDC
|
|
|
|
|
docker run -v ./secrets/certs:/certs authelia/authelia:4 authelia crypto certificate rsa generate -d /certs
|
|
|
|
|
|
