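import keypair from "keypair";
import { chmodSync, mkdirSync, writeFileSync } from "fs";

/**
 * Generates the RSA key pairs for the production deployment and a Kubernetes
 * Secret manifest that embeds them.
 *
 * Everything is written under `outputDir`. The directory is restricted to the
 * owning user and every file holding private key material is written with
 * owner-only permissions, so the keys are not readable by other local
 * accounts while they sit on disk waiting to be applied to the cluster.
 */

/** Shape this script reads from `keypair()`: two string fields. */
type RsaKeyPair = { private: string; public: string };

const outputDir = "production-keys";

// POSIX permission bits (largely ignored on Windows).
const OWNER_ONLY_DIR = 0o700;
const OWNER_ONLY_FILE = 0o600;

/**
 * Writes a file that contains private key material with owner-only access.
 *
 * `mode` on writeFileSync applies only when the file is created, so the
 * explicit chmod also tightens a file left over from an earlier run.
 */
function writeOwnerOnly(path: string, contents: string): void {
  writeFileSync(path, contents, { mode: OWNER_ONLY_FILE });
  chmodSync(path, OWNER_ONLY_FILE);
}

console.log(`
Generating Production Keys
-----------------
This script will generate all RSA key pairs needed for the production deployment.
Output directory: ${outputDir}/
-----------------`);

// Ensure output directory exists. mkdirSync does not change the mode of a
// directory that is already there, hence the chmod before any key is written.
mkdirSync(outputDir, { recursive: true, mode: OWNER_ONLY_DIR });
chmodSync(outputDir, OWNER_ONLY_DIR);

const keyFiles = ["accessToken", "refreshToken", "permissions", "secureValues"];
const generatedKeys: Record<string, RsaKeyPair> = {};

for (const name of keyFiles) {
  console.log(`Generating '${name}' key pair (4096-bit RSA)...`);
  // NOTE(review): `keypair` generates keys in JavaScript; confirm which
  // randomness source it uses under this runtime before relying on these
  // keys in production.
  const keys = keypair({ bits: 4096 });
  generatedKeys[name] = keys;

  const privPath = `${outputDir}/${name}.key`;
  const pubPath = `${outputDir}/${name}.pub`;

  writeOwnerOnly(privPath, keys.private);
  await Bun.write(pubPath, keys.public);

  console.log(` ✔ ${privPath}`);
  console.log(` ✔ ${pubPath}`);
}

// Generate Kubernetes Secret YAML.
// Secret `data` values are base64-encoded, not encrypted: the manifest is
// exactly as sensitive as the .key files themselves.
const toBase64 = (str: string) => Buffer.from(str).toString("base64");

const secretYaml = `apiVersion: v1
kind: Secret
metadata:
  name: ttscm-keys
type: Opaque
data:
  accessToken.key: ${toBase64(generatedKeys["accessToken"].private)}
  refreshToken.key: ${toBase64(generatedKeys["refreshToken"].private)}
  permissions.key: ${toBase64(generatedKeys["permissions"].private)}
  secureValues.key: ${toBase64(generatedKeys["secureValues"].private)}
  secureValues.pub: ${toBase64(generatedKeys["secureValues"].public)}
`;

const secretPath = `${outputDir}/ttscm-keys-secret.yaml`;
writeOwnerOnly(secretPath, secretYaml);
console.log(`\n ✔ ${secretPath}`);

console.log(`
-----------------
All production keys and K8s Secret manifest generated in '${outputDir}/'.

⚠️ Delete the '${outputDir}/' directory after applying to your cluster.
Do NOT commit these keys to version control.
-----------------
`);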