jcoakley/dev1
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64814e09e3
dev1/rotate_dev_secrets.sh

62 lines
2.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
PROJECT=aptivaai-dev
ENV=dev
add_ver() {
local name="$1" ; shift
gcloud secrets versions add "${name}_${ENV}" --data-file=- --project="$PROJECT" >/dev/null
echo "${name}_${ENV} rotated"
}
echo "🔐 Rotating DEV secrets in ${PROJECT}"
# ── Generate fresh randoms
openssl rand -hex 32 | add_ver JWT_SECRET
# ── Paste new third-party keys (press Enter to skip any you don't want to rotate)
read -s -p "OPENAI_API_KEY_${ENV}: " OPENAI && echo
[[ -n "${OPENAI}" ]] && printf "%s" "$OPENAI" | add_ver OPENAI_API_KEY
read -p "ONET_USERNAME_${ENV}: " ONETU && echo
[[ -n "${ONETU}" ]] && printf "%s" "$ONETU" | add_ver ONET_USERNAME
read -s -p "ONET_PASSWORD_${ENV}: " ONETP && echo
[[ -n "${ONETP}" ]] && printf "%s" "$ONETP" | add_ver ONET_PASSWORD
read -s -p "STRIPE_SECRET_KEY_${ENV}: " SSK && echo
[[ -n "${SSK}" ]] && printf "%s" "$SSK" | add_ver STRIPE_SECRET_KEY
read -p "STRIPE_PUBLISHABLE_KEY_${ENV}: " SPK && echo
[[ -n "${SPK}" ]] && printf "%s" "$SPK" | add_ver STRIPE_PUBLISHABLE_KEY
read -s -p "STRIPE_WH_SECRET_${ENV}: " SWH && echo
[[ -n "${SWH}" ]] && printf "%s" "$SWH" | add_ver STRIPE_WH_SECRET
read -s -p "SUPPORT_SENDGRID_API_KEY_${ENV}: " SG && echo
[[ -n "${SG}" ]] && printf "%s" "$SG" | add_ver SUPPORT_SENDGRID_API_KEY
read -s -p "EMAIL_INDEX_SECRET_${ENV}: " EIDX && echo
[[ -n "${EIDX}" ]] && printf "%s" "$EIDX" | add_ver EMAIL_INDEX_SECRET
read -p "TWILIO_ACCOUNT_SID_${ENV}: " TSID && echo
[[ -n "${TSID}" ]] && printf "%s" "$TSID" | add_ver TWILIO_ACCOUNT_SID
read -s -p "TWILIO_AUTH_TOKEN_${ENV}: " TAUT && echo
[[ -n "${TAUT}" ]] && printf "%s" "$TAUT" | add_ver TWILIO_AUTH_TOKEN
read -p "TWILIO_MESSAGING_SERVICE_SID_${ENV}: " TMSS && echo
[[ -n "${TMSS}" ]] && printf "%s" "$TMSS" | add_ver TWILIO_MESSAGING_SERVICE_SID
# Optional: rotate Maps if it was in the leaked image
read -s -p "GOOGLE_MAPS_API_KEY_${ENV} (optional): " GMAPS && echo
[[ -n "${GMAPS}" ]] && printf "%s" "$GMAPS" | add_ver GOOGLE_MAPS_API_KEY
echo "🔁 Rebuilding DEV with fresh secrets…"
ENV=dev ./deploy_all.sh
echo "🧪 Verifying runtime env inside containers:"
docker compose exec -T server1 sh -lc 'printenv | egrep "JWT_SECRET|OPENAI|ONET|STRIPE_(SECRET|PUBLISH|WH)|SENDGRID|EMAIL_INDEX|TWILIO|TOKEN_MAX_AGE_MS|ACCESS_COOKIE_NAME|COOKIE_(SECURE|SAMESITE)"'
echo "✅ Done."
Reference in New Issue View Git Blame Copy Permalink