#!/usr/bin/env bash

# Script to generate cryptographically secure passwords for all databases
# Generates 32-character random passwords using openssl

set -e

echo "Generating secure passwords for all databases..."
echo ""

# Generate password function
generate_password() {
  openssl rand -base64 32 | tr -d "=+/" | cut -c1-32
}

# Generate passwords for all services
SERVICES=(
  "AUTH_DB_PASSWORD"
  "TRAINING_DB_PASSWORD"
  "FORECASTING_DB_PASSWORD"
  "SALES_DB_PASSWORD"
  "EXTERNAL_DB_PASSWORD"
  "TENANT_DB_PASSWORD"
  "NOTIFICATION_DB_PASSWORD"
  "ALERT_PROCESSOR_DB_PASSWORD"
  "INVENTORY_DB_PASSWORD"
  "RECIPES_DB_PASSWORD"
  "SUPPLIERS_DB_PASSWORD"
  "POS_DB_PASSWORD"
  "ORDERS_DB_PASSWORD"
  "PRODUCTION_DB_PASSWORD"
  "REDIS_PASSWORD"
)

echo "Generated Passwords:"
echo "===================="
echo ""

count=0
for service in "${SERVICES[@]}"; do
  password=$(generate_password)
  echo "$service=$password"
  count=$((count + 1))
done

echo ""
echo "===================="
echo ""
echo "Passwords generated successfully!"
echo "Total: $count passwords"
echo ""
echo "Next steps:"
echo "1. Update .env file with these passwords"
echo "2. Update infrastructure/environments/common/configs/secrets.yaml with base64-encoded passwords"
echo "3. Apply new secrets to Kubernetes cluster"
echo ""
echo "To base64 encode a password:"
echo "  echo -n 'password' | base64"