summaryrefslogtreecommitdiff
path: root/stacks/iam/util
diff options
context:
space:
mode:
Diffstat (limited to 'stacks/iam/util')
-rwxr-xr-xstacks/iam/util/gen-oidc-client.sh7
-rwxr-xr-xstacks/iam/util/gen-oidc-jwk.sh5
-rwxr-xr-xstacks/iam/util/gen-secrets.sh21
-rwxr-xr-xstacks/iam/util/gen-user-passwd.sh8
4 files changed, 41 insertions, 0 deletions
diff --git a/stacks/iam/util/gen-oidc-client.sh b/stacks/iam/util/gen-oidc-client.sh
new file mode 100755
index 0000000..ee6d79a
--- /dev/null
+++ b/stacks/iam/util/gen-oidc-client.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -euo pipefail
+
+docker run --rm authelia/authelia:latest authelia crypto rand --length 72 --charset rfc3986
+docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
+
+printf "\n"
diff --git a/stacks/iam/util/gen-oidc-jwk.sh b/stacks/iam/util/gen-oidc-jwk.sh
new file mode 100755
index 0000000..48747fb
--- /dev/null
+++ b/stacks/iam/util/gen-oidc-jwk.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -euo pipefail
+
+openssl genrsa -out oidc-jwk.pem 2048
+openssl genrsa -in oidc-jwk.pem -outform PEM -pubout -out oidc-jwk-pub.pem
diff --git a/stacks/iam/util/gen-secrets.sh b/stacks/iam/util/gen-secrets.sh
new file mode 100755
index 0000000..832f5d8
--- /dev/null
+++ b/stacks/iam/util/gen-secrets.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+USERS=(RATDAD)
+SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET)
+SECRET_DIR=$PWD/secrets
+
+[ ! -d "$SECRET_DIR" ] && mkdir -p "$SECRET_DIR"
+
+# Generate secrets
+for filename in "${SECRETS[@]}"; do
+ if [ ! -f "$SECRET_DIR"/"$filename" ]; then
+ openssl rand -hex 64 > "$SECRET_DIR"/"$filename"
+ fi
+done
+
+# Generate admin passwords
+for filename in "${USERS[@]}"; do
+ if [ ! -f "$SECRET_DIR"/"$filename" ]; then
+ openssl rand -hex 12 > "$SECRET_DIR"/"$filename"
+ fi
+done
diff --git a/stacks/iam/util/gen-user-passwd.sh b/stacks/iam/util/gen-user-passwd.sh
new file mode 100755
index 0000000..d8202ee
--- /dev/null
+++ b/stacks/iam/util/gen-user-passwd.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+set -euo pipefail
+
+read -rp "Enter a password for the new user: " PASSWORD
+HASHED=$(docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password "${PASSWORD}")
+
+printf "Password: %s\n" "${PASSWORD}"
+printf "Hash: %s\n" "${HASHED}"