bakery-ia/scripts/generate-passwords.sh

#!/usr/bin/env bash

# Script to generate cryptographically secure passwords for all databases
# Generates 32-character random passwords using openssl

set -e

echo "Generating secure passwords for all databases..."
echo ""

# Generate password function
generate_password() {
  openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
}

# Generate passwords for all services
SERVICES=(
  "AUTH_DB_PASSWORD"
  "TRAINING_DB_PASSWORD"
  "FORECASTING_DB_PASSWORD"
  "SALES_DB_PASSWORD"
  "EXTERNAL_DB_PASSWORD"
  "TENANT_DB_PASSWORD"
  "NOTIFICATION_DB_PASSWORD"
  "ALERT_PROCESSOR_DB_PASSWORD"
  "INVENTORY_DB_PASSWORD"
  "RECIPES_DB_PASSWORD"
  "SUPPLIERS_DB_PASSWORD"
  "POS_DB_PASSWORD"
  "ORDERS_DB_PASSWORD"
  "PRODUCTION_DB_PASSWORD"
  "REDIS_PASSWORD"
)

echo "Generated Passwords:"
echo "===================="
echo ""

count=0
for service in "${SERVICES[@]}"; do
  password=$(generate_password)
  echo "$service=$password"
  count=$((count + 1))
done

echo ""
echo "===================="
echo ""
echo "Passwords generated successfully!"
echo "Total: $count passwords"
echo ""
echo "Next steps:"
echo "1. Update .env file with these passwords"
echo "2. Update infrastructure/kubernetes/base/secrets.yaml with base64-encoded passwords"
echo "3. Apply new secrets to Kubernetes cluster"
echo ""
echo "To base64 encode a password:"
echo "  echo -n 'password' | base64"
Improve teh securty of teh DB 2025-10-19 19:22:37 +02:00			`#!/usr/bin/env bash`

			`# Script to generate cryptographically secure passwords for all databases`
			`# Generates 32-character random passwords using openssl`

			`set -e`

			`echo "Generating secure passwords for all databases..."`
			`echo ""`

			`# Generate password function`
			`generate_password() {`
			`openssl rand -base64 32 \| tr -d "=+/" \| cut -c1-32`
			`}`

			`# Generate passwords for all services`
			`SERVICES=(`
			`"AUTH_DB_PASSWORD"`
			`"TRAINING_DB_PASSWORD"`
			`"FORECASTING_DB_PASSWORD"`
			`"SALES_DB_PASSWORD"`
			`"EXTERNAL_DB_PASSWORD"`
			`"TENANT_DB_PASSWORD"`
			`"NOTIFICATION_DB_PASSWORD"`
			`"ALERT_PROCESSOR_DB_PASSWORD"`
			`"INVENTORY_DB_PASSWORD"`
			`"RECIPES_DB_PASSWORD"`
			`"SUPPLIERS_DB_PASSWORD"`
			`"POS_DB_PASSWORD"`
			`"ORDERS_DB_PASSWORD"`
			`"PRODUCTION_DB_PASSWORD"`
			`"REDIS_PASSWORD"`
			`)`

			`echo "Generated Passwords:"`
			`echo "===================="`
			`echo ""`

			`count=0`
			`for service in "${SERVICES[@]}"; do`
			`password=$(generate_password)`
			`echo "$service=$password"`
			`count=$((count + 1))`
			`done`

			`echo ""`
			`echo "===================="`
			`echo ""`
			`echo "Passwords generated successfully!"`
			`echo "Total: $count passwords"`
			`echo ""`
			`echo "Next steps:"`
			`echo "1. Update .env file with these passwords"`
			`echo "2. Update infrastructure/kubernetes/base/secrets.yaml with base64-encoded passwords"`
			`echo "3. Apply new secrets to Kubernetes cluster"`
			`echo ""`
			`echo "To base64 encode a password:"`
			`echo " echo -n 'password' \| base64"`