Restructure solution layout by module
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
root
@@ -1,63 +1,63 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
usage() {
|
||||
cat <<'EOF'
|
||||
Usage: rotate-policy-cli-secret.sh [--output <path>] [--dry-run]
|
||||
|
||||
Generates a new random shared secret suitable for the Authority
|
||||
`policy-cli` client and optionally writes it to the target file
|
||||
in `etc/secrets/` with the standard header comment.
|
||||
|
||||
Options:
|
||||
--output <path> Destination file (default: etc/secrets/policy-cli.secret)
|
||||
--dry-run Print the generated secret to stdout without writing.
|
||||
-h, --help Show this help.
|
||||
EOF
|
||||
}
|
||||
|
||||
OUTPUT="etc/secrets/policy-cli.secret"
|
||||
DRY_RUN=0
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--output)
|
||||
OUTPUT="$2"
|
||||
shift 2
|
||||
;;
|
||||
--dry-run)
|
||||
DRY_RUN=1
|
||||
shift
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
echo "Unknown argument: $1" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if ! command -v openssl >/dev/null 2>&1; then
|
||||
echo "openssl is required to generate secrets" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Generate a 48-byte random secret, base64 encoded without padding.
|
||||
RAW_SECRET=$(openssl rand -base64 48 | tr -d '\n=')
|
||||
SECRET="policy-cli-${RAW_SECRET}"
|
||||
|
||||
if [[ "$DRY_RUN" -eq 1 ]]; then
|
||||
echo "$SECRET"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cat <<EOF > "$OUTPUT"
|
||||
# generated $(date -u +%Y-%m-%dT%H:%M:%SZ) via scripts/rotate-policy-cli-secret.sh
|
||||
$SECRET
|
||||
EOF
|
||||
|
||||
echo "Wrote new policy-cli secret to $OUTPUT"
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
usage() {
|
||||
cat <<'EOF'
|
||||
Usage: rotate-policy-cli-secret.sh [--output <path>] [--dry-run]
|
||||
|
||||
Generates a new random shared secret suitable for the Authority
|
||||
`policy-cli` client and optionally writes it to the target file
|
||||
in `etc/secrets/` with the standard header comment.
|
||||
|
||||
Options:
|
||||
--output <path> Destination file (default: etc/secrets/policy-cli.secret)
|
||||
--dry-run Print the generated secret to stdout without writing.
|
||||
-h, --help Show this help.
|
||||
EOF
|
||||
}
|
||||
|
||||
OUTPUT="etc/secrets/policy-cli.secret"
|
||||
DRY_RUN=0
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--output)
|
||||
OUTPUT="$2"
|
||||
shift 2
|
||||
;;
|
||||
--dry-run)
|
||||
DRY_RUN=1
|
||||
shift
|
||||
;;
|
||||
-h|--help)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
echo "Unknown argument: $1" >&2
|
||||
usage >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if ! command -v openssl >/dev/null 2>&1; then
|
||||
echo "openssl is required to generate secrets" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Generate a 48-byte random secret, base64 encoded without padding.
|
||||
RAW_SECRET=$(openssl rand -base64 48 | tr -d '\n=')
|
||||
SECRET="policy-cli-${RAW_SECRET}"
|
||||
|
||||
if [[ "$DRY_RUN" -eq 1 ]]; then
|
||||
echo "$SECRET"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cat <<EOF > "$OUTPUT"
|
||||
# generated $(date -u +%Y-%m-%dT%H:%M:%SZ) via scripts/rotate-policy-cli-secret.sh
|
||||
$SECRET
|
||||
EOF
|
||||
|
||||
echo "Wrote new policy-cli secret to $OUTPUT"
|
||||
|
||||
Reference in New Issue
Block a user