feat(secrets): use docker secrets and make them rotateable

2022-11-17 19:34:20 +01:00
parent 3be4b1356a
commit ed8b1371e4
4 changed files with 87 additions and 45 deletions

32
abra.sh

@ -25,3 +25,35 @@ customize() {
abra app cp $APP_NAME $1/icon.png app:/web/dist/assets/icons/
fi
}
set_admin_pass() {
password=$(cat /run/secrets/admin_pass)
token=$(cat /run/secrets/admin_token)
/manage.py shell -c """
akadmin = User.objects.get(username='akadmin')
akadmin.set_password('$password')
akadmin.save()
print('Changed akadmin password')
from authentik.core.models import TokenIntents
key='$token'
if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()):
token.key=key
token.save()
print('Changed authentik-bootstrap-token')
else:
Token.objects.create(
identifier='authentik-bootstrap-token',
user=akadmin,
intent=TokenIntents.INTENT_API,
expiring=False,
key=key,
)
print('Created authentik-bootstrap-token')
"""
}
rotate_db_pass() {
db_password=$(cat /run/secrets/db_password)
psql -U authentik -c """ALTER USER authentik WITH PASSWORD '$db_password';"""
}
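Review bot: Both new functions splice secret values into code through shell expansion: `'$password'` and `'$token'` end up inside the Python source handed to `/manage.py shell -c`, and `'$db_password'` inside the SQL handed to `psql -c`. A secret that contains a quote or a backslash breaks the statement or changes what it executes. The expanded text is also part of the process arguments, so it is readable from the process list while the command runs. Reading the secret files inside the Python snippet, and feeding psql a script on stdin that loads the value with `\set` and quotes it with `:'db_password'`, avoids both problems and removes the need for the shell variables.

```shell
set_admin_pass() {
  /manage.py shell -c """
akadmin = User.objects.get(username='akadmin')
akadmin.set_password(open('/run/secrets/admin_pass').read().rstrip('\n'))
# … unchanged: save, TokenIntents import …
key = open('/run/secrets/admin_token').read().rstrip('\n')
# … unchanged: update or create authentik-bootstrap-token …
"""
}
rotate_db_pass() {
  # Quoted heredoc: the shell expands nothing; psql reads the file and quotes the value itself.
  psql -U authentik <<'SQL'
\set db_password `cat /run/secrets/db_password`
ALTER USER authentik WITH PASSWORD :'db_password';
SQL
}
```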