HorizonStackSoftware/optima
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
Files
7624ba0bc07a3e053d10cef51d6edcd42b9d2216
optima/api/utils/genProductionKeys.ts
T

68 lines
2.1 KiB
TypeScript
Raw Blame History

import crypto from "crypto";
import { mkdirSync } from "fs";
const outputDir = "production-keys";
console.log(`
Generating Production Keys
-----------------
This script will generate all RSA key pairs needed for the production deployment.
Output directory: ${outputDir}/
-----------------`);
// Ensure output directory exists
mkdirSync(outputDir, { recursive: true });
const keyFiles = ["accessToken", "refreshToken", "permissions", "secureValues"];
const generatedKeys: Record<string, { private: string; public: string }> = {};
for (const name of keyFiles) {
console.log(`Generating '${name}' key pair (4096-bit RSA)...`);
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
modulusLength: 4096,
privateKeyEncoding: { type: "pkcs8", format: "pem" },
publicKeyEncoding: { type: "spki", format: "pem" },
});
generatedKeys[name] = { private: privateKey, public: publicKey };
const privPath = `${outputDir}/${name}.key`;
const pubPath = `${outputDir}/${name}.pub`;
await Bun.write(privPath, privateKey);
await Bun.write(pubPath, publicKey);
console.log(`${privPath}`);
console.log(`${pubPath}`);
}
// Generate Kubernetes Secret YAML
const toBase64 = (str: string) => Buffer.from(str).toString("base64");
const secretYaml = `apiVersion: v1
kind: Secret
metadata:
name: optima-keys-secret
namespace: optima
type: Opaque
data:
ACCESS_TOKEN_PRIVATE_KEY: ${toBase64(generatedKeys["accessToken"].private)}
REFRESH_TOKEN_PRIVATE_KEY: ${toBase64(generatedKeys["refreshToken"].private)}
PERMISSIONS_PRIVATE_KEY: ${toBase64(generatedKeys["permissions"].private)}
SECURE_VALUES_PRIVATE_KEY: ${toBase64(generatedKeys["secureValues"].private)}
SECURE_VALUES_PUBLIC_KEY: ${toBase64(generatedKeys["secureValues"].public)}
`;
const secretPath = `${outputDir}/optima-keys-secret.yaml`;
await Bun.write(secretPath, secretYaml);
console.log(`\n ✔ ${secretPath}`);
console.log(`
-----------------
All production keys and K8s Secret manifest generated in '${outputDir}/'.
⚠️ Delete the '${outputDir}/' directory after applying to your cluster.
Do NOT commit these keys to version control.
-----------------
`);
Reference in New Issue View Git Blame Copy Permalink