2025-02-05 23:14:20 +00:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
# Script: gen-firezone-secrets.sh
|
|
|
|
|
# Purpose: Generate all Firezone-required secrets as random hex values,
|
|
|
|
|
# and store them in an OpenShift secret.
|
|
|
|
|
# Configures Gmail as SMTP relay in OUTBOUND_EMAIL_ADAPTER_OPTS.
|
|
|
|
|
|
|
|
|
|
set -euo pipefail
|
|
|
|
|
|
|
|
|
|
# Change to your desired namespace (project name):
|
|
|
|
|
NAMESPACE="firezone"
|
|
|
|
|
SECRET_NAME="firezone-secrets"
|
|
|
|
|
|
|
|
|
|
# Random hex strings for Firezone secrets (adjust byte sizes as needed).
|
|
|
|
|
SECRET_KEY_BASE="$(openssl rand -hex 32)"
|
|
|
|
|
LIVE_VIEW_SIGNING_SALT="$(openssl rand -hex 8)"
|
|
|
|
|
COOKIE_SIGNING_SALT="$(openssl rand -hex 8)"
|
|
|
|
|
COOKIE_ENCRYPTION_SALT="$(openssl rand -hex 8)"
|
|
|
|
|
TOKENS_KEY_BASE="$(openssl rand -hex 32)"
|
|
|
|
|
TOKENS_SALT="$(openssl rand -hex 8)"
|
|
|
|
|
RELEASE_COOKIE="$(openssl rand -hex 16)"
|
|
|
|
|
|
|
|
|
|
# Database credentials (example)
|
|
|
|
|
DB_USERNAME="firezone_db_user"
|
|
|
|
|
DB_PASSWORD="firezone_db_pass"
|
|
|
|
|
|
|
|
|
|
# Gmail SMTP configuration
|
|
|
|
|
# Replace these with your actual Gmail username & app password
|
2025-02-07 03:48:49 +00:00
|
|
|
GMAIL_USERNAME="postmaster@mg.calegix.net"
|
|
|
|
|
GMAIL_APP_PASSWORD="9e847ec32783381d4ff3a316c8157c64-667818f5-9bf832a6"
|
2025-02-05 23:14:20 +00:00
|
|
|
|
|
|
|
|
# We'll embed these in a JSON object that Swoosh can parse:
|
|
|
|
|
OUTBOUND_EMAIL_ADAPTER_OPTS="$(cat <<EOF
|
|
|
|
|
{
|
2025-02-11 03:23:19 +00:00
|
|
|
"api_key": "6c560f38672717eb06055acd32d52966-667818f5-7e660ceb",
|
|
|
|
|
"domain": "mg.calegix.net"
|
2025-02-05 23:14:20 +00:00
|
|
|
}
|
|
|
|
|
EOF
|
|
|
|
|
)"
|
|
|
|
|
|
|
|
|
|
echo "Creating/updating Secret '$SECRET_NAME' in namespace '$NAMESPACE'..."
|
|
|
|
|
|
|
|
|
|
oc -n "$NAMESPACE" create secret generic "$SECRET_NAME" \
|
|
|
|
|
--from-literal=SECRET_KEY_BASE="$SECRET_KEY_BASE" \
|
|
|
|
|
--from-literal=LIVE_VIEW_SIGNING_SALT="$LIVE_VIEW_SIGNING_SALT" \
|
|
|
|
|
--from-literal=COOKIE_SIGNING_SALT="$COOKIE_SIGNING_SALT" \
|
|
|
|
|
--from-literal=COOKIE_ENCRYPTION_SALT="$COOKIE_ENCRYPTION_SALT" \
|
|
|
|
|
--from-literal=TOKENS_KEY_BASE="$TOKENS_KEY_BASE" \
|
|
|
|
|
--from-literal=TOKENS_SALT="$TOKENS_SALT" \
|
|
|
|
|
--from-literal=RELEASE_COOKIE="$RELEASE_COOKIE" \
|
|
|
|
|
--from-literal=username="$DB_USERNAME" \
|
|
|
|
|
--from-literal=password="$DB_PASSWORD" \
|
|
|
|
|
--from-literal=OUTBOUND_EMAIL_ADAPTER_OPTS="$OUTBOUND_EMAIL_ADAPTER_OPTS" \
|
|
|
|
|
--dry-run=client -o yaml | oc apply -f -
|
|
|
|
|
|
2025-02-11 03:23:19 +00:00
|
|
|
echo "Done! Your Firezone secrets have been created/updated."
|
