overleaf/server-ce/init_scripts/100_generate_secrets.sh

39 lines
1.2 KiB
Bash
Raw Normal View History

#!/bin/bash
set -e -o pipefail
2015-02-06 12:01:50 -05:00
# generate secrets and defines them as environment variables
# https://github.com/phusion/baseimage-docker#centrally-defining-your-own-environment-variables
WEB_API_PASSWORD_FILE=/etc/container_environment/WEB_API_PASSWORD
STAGING_PASSWORD_FILE=/etc/container_environment/STAGING_PASSWORD # HTTP auth for history-v1
V1_HISTORY_PASSWORD_FILE=/etc/container_environment/V1_HISTORY_PASSWORD
CRYPTO_RANDOM_FILE=/etc/container_environment/CRYPTO_RANDOM
OT_JWT_AUTH_KEY_FILE=/etc/container_environment/OT_JWT_AUTH_KEY
generate_secret () {
dd if=/dev/urandom bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev | tr -d '\n+/'
}
if [ ! -f "$WEB_API_PASSWORD_FILE" ] ||
[ ! -f "$STAGING_PASSWORD_FILE" ] ||
[ ! -f "$V1_HISTORY_PASSWORD_FILE" ] ||
[ ! -f "$CRYPTO_RANDOM_FILE" ] ||
[ ! -f "$OT_JWT_AUTH_KEY_FILE" ]
then
echo "generating random secrets"
SECRET=$(generate_secret)
echo "${SECRET}" > ${WEB_API_PASSWORD_FILE}
SECRET=$(generate_secret)
echo "${SECRET}" > ${STAGING_PASSWORD_FILE}
echo "${SECRET}" > ${V1_HISTORY_PASSWORD_FILE}
SECRET=$(generate_secret)
echo "${SECRET}" > ${CRYPTO_RANDOM_FILE}
SECRET=$(generate_secret)
echo "${SECRET}" > ${OT_JWT_AUTH_KEY_FILE}
fi