2025-10-19 19:22:37 +02:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
|
|
# Script to generate cryptographically secure passwords for all databases
|
|
|
|
|
# Generates 32-character random passwords using openssl
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
echo "Generating secure passwords for all databases..."
|
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
# Generate password function
|
|
|
|
|
generate_password() {
|
|
|
|
|
openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Generate passwords for all services
|
|
|
|
|
SERVICES=(
|
|
|
|
|
"AUTH_DB_PASSWORD"
|
|
|
|
|
"TRAINING_DB_PASSWORD"
|
|
|
|
|
"FORECASTING_DB_PASSWORD"
|
|
|
|
|
"SALES_DB_PASSWORD"
|
|
|
|
|
"EXTERNAL_DB_PASSWORD"
|
|
|
|
|
"TENANT_DB_PASSWORD"
|
|
|
|
|
"NOTIFICATION_DB_PASSWORD"
|
|
|
|
|
"ALERT_PROCESSOR_DB_PASSWORD"
|
|
|
|
|
"INVENTORY_DB_PASSWORD"
|
|
|
|
|
"RECIPES_DB_PASSWORD"
|
|
|
|
|
"SUPPLIERS_DB_PASSWORD"
|
|
|
|
|
"POS_DB_PASSWORD"
|
|
|
|
|
"ORDERS_DB_PASSWORD"
|
|
|
|
|
"PRODUCTION_DB_PASSWORD"
|
|
|
|
|
"REDIS_PASSWORD"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
echo "Generated Passwords:"
|
|
|
|
|
echo "===================="
|
|
|
|
|
echo ""
|
|
|
|
|
|
|
|
|
|
count=0
|
|
|
|
|
for service in "${SERVICES[@]}"; do
|
|
|
|
|
password=$(generate_password)
|
|
|
|
|
echo "$service=$password"
|
|
|
|
|
count=$((count + 1))
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
echo ""
|
|
|
|
|
echo "===================="
|
|
|
|
|
echo ""
|
|
|
|
|
echo "Passwords generated successfully!"
|
|
|
|
|
echo "Total: $count passwords"
|
|
|
|
|
echo ""
|
|
|
|
|
echo "Next steps:"
|
|
|
|
|
echo "1. Update .env file with these passwords"
|
2026-01-19 11:55:17 +01:00
|
|
|
echo "2. Update infrastructure/environments/common/configs/secrets.yaml with base64-encoded passwords"
|
2025-10-19 19:22:37 +02:00
|
|
|
echo "3. Apply new secrets to Kubernetes cluster"
|
|
|
|
|
echo ""
|
|
|
|
|
echo "To base64 encode a password:"
|
|
|
|
|
echo " echo -n 'password' | base64"
|
