forked from coop-cloud/authentik
feat(secrets): use docker secrets and make them rotateable
This commit is contained in:
32
abra.sh
32
abra.sh
@ -25,3 +25,35 @@ customize() {
|
||||
abra app cp $APP_NAME $1/icon.png app:/web/dist/assets/icons/
|
||||
fi
|
||||
}
|
||||
|
||||
set_admin_pass() {
|
||||
password=$(cat /run/secrets/admin_pass)
|
||||
token=$(cat /run/secrets/admin_token)
|
||||
/manage.py shell -c """
|
||||
akadmin = User.objects.get(username='akadmin')
|
||||
akadmin.set_password('$password')
|
||||
akadmin.save()
|
||||
print('Changed akadmin password')
|
||||
|
||||
from authentik.core.models import TokenIntents
|
||||
key='$token'
|
||||
if (token:= Token.objects.filter(identifier='authentik-bootstrap-token').first()):
|
||||
token.key=key
|
||||
token.save()
|
||||
print('Changed authentik-bootstrap-token')
|
||||
else:
|
||||
Token.objects.create(
|
||||
identifier='authentik-bootstrap-token',
|
||||
user=akadmin,
|
||||
intent=TokenIntents.INTENT_API,
|
||||
expiring=False,
|
||||
key=key,
|
||||
)
|
||||
print('Created authentik-bootstrap-token')
|
||||
"""
|
||||
}
|
||||
|
||||
rotate_db_pass() {
|
||||
db_password=$(cat /run/secrets/db_password)
|
||||
psql -U authentik -c """ALTER USER authentik WITH PASSWORD '$db_password';"""
|
||||
}
|
||||
|
Reference in New Issue
Block a user