Improve teh securty of teh DB

scripts/generate-passwords.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+# Script to generate cryptographically secure passwords for all databases
+# Generates 32-character random passwords using openssl
+
+set -e
+
+echo "Generating secure passwords for all databases..."
+echo ""
+
+# Generate password function
+generate_password() {
+  openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
+}
+
+# Generate passwords for all services
+SERVICES=(
+  "AUTH_DB_PASSWORD"
+  "TRAINING_DB_PASSWORD"
+  "FORECASTING_DB_PASSWORD"
+  "SALES_DB_PASSWORD"
+  "EXTERNAL_DB_PASSWORD"
+  "TENANT_DB_PASSWORD"
+  "NOTIFICATION_DB_PASSWORD"
+  "ALERT_PROCESSOR_DB_PASSWORD"
+  "INVENTORY_DB_PASSWORD"
+  "RECIPES_DB_PASSWORD"
+  "SUPPLIERS_DB_PASSWORD"
+  "POS_DB_PASSWORD"
+  "ORDERS_DB_PASSWORD"
+  "PRODUCTION_DB_PASSWORD"
+  "REDIS_PASSWORD"
+)
+
+echo "Generated Passwords:"
+echo "===================="
+echo ""
+
+count=0
+for service in "${SERVICES[@]}"; do
+  password=$(generate_password)
+  echo "$service=$password"
+  count=$((count + 1))
+done
+
+echo ""
+echo "===================="
+echo ""
+echo "Passwords generated successfully!"
+echo "Total: $count passwords"
+echo ""
+echo "Next steps:"
+echo "1. Update .env file with these passwords"
+echo "2. Update infrastructure/kubernetes/base/secrets.yaml with base64-encoded passwords"
+echo "3. Apply new secrets to Kubernetes cluster"
+echo ""
+echo "To base64 encode a password:"
+echo "  echo -n 'password' | base64"