From 11f87a3cd2c16a21fdd93690b35cd7bac4c21f85 Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Sat, 24 Dec 2022 23:58:38 +0100 Subject: [PATCH] staging: add missing secrets, update exiting ones to autogen/autorotate --- cluster/staging/app/core/secrets/d53/gandi_api_key | 1 + cluster/staging/app/garage/secrets/garage-staging/admin_token | 1 + cluster/staging/app/garage/secrets/garage-staging/metrics_token | 1 + cluster/staging/app/garage/secrets/garage-staging/rpc_secret | 2 +- cluster/staging/app/im/secrets/synapse/form_secret | 2 +- cluster/staging/app/im/secrets/synapse/macaroon_secret_key | 2 +- .../staging/app/im/secrets/synapse/registration_shared_secret | 2 +- secretmgr/secretmgr | 1 + 8 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 cluster/staging/app/core/secrets/d53/gandi_api_key create mode 100644 cluster/staging/app/garage/secrets/garage-staging/admin_token create mode 100644 cluster/staging/app/garage/secrets/garage-staging/metrics_token diff --git a/cluster/staging/app/core/secrets/d53/gandi_api_key b/cluster/staging/app/core/secrets/d53/gandi_api_key new file mode 100644 index 0000000..b3936c9 --- /dev/null +++ b/cluster/staging/app/core/secrets/d53/gandi_api_key @@ -0,0 +1 @@ +USER Gandi API key diff --git a/cluster/staging/app/garage/secrets/garage-staging/admin_token b/cluster/staging/app/garage/secrets/garage-staging/admin_token new file mode 100644 index 0000000..5fa4e3c --- /dev/null +++ b/cluster/staging/app/garage/secrets/garage-staging/admin_token @@ -0,0 +1 @@ +CMD openssl rand -hex 32 diff --git a/cluster/staging/app/garage/secrets/garage-staging/metrics_token b/cluster/staging/app/garage/secrets/garage-staging/metrics_token new file mode 100644 index 0000000..5fa4e3c --- /dev/null +++ b/cluster/staging/app/garage/secrets/garage-staging/metrics_token @@ -0,0 +1 @@ +CMD openssl rand -hex 32 diff --git a/cluster/staging/app/garage/secrets/garage-staging/rpc_secret b/cluster/staging/app/garage/secrets/garage-staging/rpc_secret index d831d53..5fa4e3c 100644 --- a/cluster/staging/app/garage/secrets/garage-staging/rpc_secret +++ b/cluster/staging/app/garage/secrets/garage-staging/rpc_secret @@ -1 +1 @@ -CMD_ONCE openssl rand -hex 32 +CMD openssl rand -hex 32 diff --git a/cluster/staging/app/im/secrets/synapse/form_secret b/cluster/staging/app/im/secrets/synapse/form_secret index 37cf6ed..f601137 100644 --- a/cluster/staging/app/im/secrets/synapse/form_secret +++ b/cluster/staging/app/im/secrets/synapse/form_secret @@ -1 +1 @@ -USER Synapse's `form_secret` configuration parameter +CMD openssl rand -base64 42 diff --git a/cluster/staging/app/im/secrets/synapse/macaroon_secret_key b/cluster/staging/app/im/secrets/synapse/macaroon_secret_key index 5f7f959..f601137 100644 --- a/cluster/staging/app/im/secrets/synapse/macaroon_secret_key +++ b/cluster/staging/app/im/secrets/synapse/macaroon_secret_key @@ -1 +1 @@ -USER Synapse's `macaroon_secret_key` parameter +CMD openssl rand -base64 42 diff --git a/cluster/staging/app/im/secrets/synapse/registration_shared_secret b/cluster/staging/app/im/secrets/synapse/registration_shared_secret index 60edd0e..f601137 100644 --- a/cluster/staging/app/im/secrets/synapse/registration_shared_secret +++ b/cluster/staging/app/im/secrets/synapse/registration_shared_secret @@ -1 +1 @@ -USER Synapse's `registration_shared_secret` parameter +CMD openssl rand -base64 42 diff --git a/secretmgr/secretmgr b/secretmgr/secretmgr index 3c0ec08..0595f81 100755 --- a/secretmgr/secretmgr +++ b/secretmgr/secretmgr @@ -379,3 +379,4 @@ if __name__ == "__main__": print(" secretmgr.py [check|gen|regen] ...") +# vim: set sts=4 ts=4 sw=4 tw=0 ft=python et :