Add CMD_ONCE secret type and fill in/change secret definitions

Alex 2021-01-19 17:53:53 +01:00
parent 9560f80852
commit 1c814f002a
11 changed files with 18 additions and 6 deletions


@ -0,0 +1 @@
CMD openssl rand -hex 32


@ -0,0 +1 @@
SERVICE_PASSWORD easybridge


@ -0,0 +1 @@
CONST easybridge


@ -0,0 +1 @@
CMD openssl rand -hex 32


@ -0,0 +1,2 @@
CMD openssl rand -hex 32


@ -1 +1 @@
USER fb2mx API server token CMD openssl rand -hex 32


@ -1 +1 @@
USER fb2mx homeserver token CMD openssl rand -hex 32


@ -0,0 +1 @@
USER Synapse homeserver ed25519 signing key


@ -1 +1 @@
USER Shared secret for homeserver registrations (?) CMD head -c 32 /dev/urandom | base64


@ -1 +1 @@
CMD openssl rand -base64 32 SERVICE_PASSWORD plume


@ -43,6 +43,9 @@ USER_LONG <description>
CMD <command> CMD <command>
(a secret that is generated by running this command) (a secret that is generated by running this command)
CMD_ONCE <command>
(same, but value is not changed when doing a regen)
CONST <constant value> CONST <constant value>
(the secret has a constant value set here) (the secret has a constant value set here)
@ -81,6 +84,7 @@ consul_server = consul.Consul()
USER = "USER" USER = "USER"
USER_LONG = "USER_LONG" USER_LONG = "USER_LONG"
CMD = "CMD" CMD = "CMD"
CMD_ONCE = "CMD_ONCE"
CONST = "CONST" CONST = "CONST"
CONST_LONG = "CONST_LONG" CONST_LONG = "CONST_LONG"
SERVICE_DN = "SERVICE_DN" SERVICE_DN = "SERVICE_DN"
@ -108,7 +112,7 @@ def read_secret(key, file_path):
secret = {"type": stype, "key": key} secret = {"type": stype, "key": key}
if stype in [USER, USER_LONG]: if stype in [USER, USER_LONG]:
secret["desc"] = " ".join(l0[1:]) secret["desc"] = " ".join(l0[1:])
elif stype == CMD: elif stype in [CMD, CMD_ONCE]:
secret["cmd"] = " ".join(l0[1:]) secret["cmd"] = " ".join(l0[1:])
elif stype == CONST: elif stype == CONST:
secret["value"] = " ".join(l0[1:]) secret["value"] = " ".join(l0[1:])
@ -151,6 +155,7 @@ def get_secrets_services(secrets):
if svc not in services: if svc not in services:
services[svc] = { services[svc] = {
"dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX), "dn": "cn=%s,%s"%(svc, SERVICE_DN_SUFFIX),
"desc": "(not provided)",
"pass": None, "pass": None,
"dn_at": [], "dn_at": [],
"pass_at": [], "pass_at": [],
@ -289,7 +294,7 @@ def gen_secrets_base(secrets, regen):
consul_server.kv.put(key, secret["value"]) consul_server.kv.put(key, secret["value"])
print(bcolors.OKCYAN, "Value set.", bcolors.ENDC) print(bcolors.OKCYAN, "Value set.", bcolors.ENDC)
if secret["type"] == CMD: if secret["type"] == CMD or (secret["type"] == CMD_ONCE and data is None):
print("----") print("----")
print(key) print(key)
print("Executing command:", secret["cmd"]) print("Executing command:", secret["cmd"])
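Review bot: The new condition in `gen_secrets_base`, `if secret["type"] == CMD or (secret["type"] == CMD_ONCE and data is None):`, makes a CMD_ONCE value permanent once anything is stored under the key, so whatever the first run writes is what every later regen keeps. The code that runs `secret["cmd"]` and stores its output lies outside this hunk; if it does not already check the exit status and reject empty output, a failed first run would pin an empty or truncated secret that a regen no longer repairs. I would also add a comment above the branch, `# CMD_ONCE: run the command only when no value is stored yet (data is None); a regen keeps the existing value`, because `data` is assigned outside the hunk and its meaning is not visible here. Other places outside these hunks that branch on `CMD` may need the same `CMD_ONCE` handling that `read_secret` received.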