stacks/iam/util/gen-secrets.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

#!/bin/bash

USERS=(ADMIN)
SECRETS=(SESSION_SECRET STORAGE_ENCRYPTION JWT_SECRET OIDC_HMAC_SECRET)
SECRET_DIR=$PWD/secrets

[ ! -d "$SECRET_DIR" ] && mkdir -p "$SECRET_DIR"

# Generate secrets
for filename in "${SECRETS[@]}"; do
    if [ ! -f "$SECRET_DIR"/"$filename" ]; then
        openssl rand -hex 64 > "$SECRET_DIR"/"$filename"
    fi
done

# Generate admin password
for filename in "${USERS[@]}"; do
    if [ ! -f "$SECRET_DIR"/"$filename" ]; then
        openssl rand -hex 12 > "$SECRET_DIR"/"$filename"
    fi
done