authorLibravatar vnugent <public@vaughnnugent.com>2024-05-14 22:27:10 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-05-14 22:27:10 -0400
commit372eb6a32a9891afb5035caa0805e8ed878416d8 (patch)
tree5151d9fe0f2aa9798ecac6571b9f4f2afe3cb27a
parent1b7270b40b65ef089bf40a14065227f742b8507e (diff)
default read secret pepper from file for bare-metal builds
-rw-r--r--ci/config/config.json2
-rw-r--r--ci/release.taskfile.yaml18
2 files changed, 19 insertions, 1 deletions
diff --git a/ci/config/config.json b/ci/config/config.json
index f6b55e9..0d8b839 100644
--- a/ci/config/config.json
+++ b/ci/config/config.json
@@ -177,6 +177,6 @@
//Global secrets object, used by the host and pluings for a specialized secrets
"secrets": {
//"db_password": ""
- "passwords": "_yourbase64passwordsecret_"
+ "passwords": "file://secrets/password-pepper.txt"
}
}
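Review bot: The new `file://secrets/password-pepper.txt` value is a relative location, and nothing next to it says what it is resolved against or how the file comes to exist. If it is resolved against the process working directory (not visible in this hunk), starting the server from another directory would either fail to find the pepper or pick up a different file. A comment above the key would help, for example `//Pepper file is created by the create-pepper task; path is relative to <base directory>`, with the base directory filled in by the author. It is also worth confirming that the loader treats everything after `file://` as a path, since a strict URI parser would read `secrets` as the host part.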
diff --git a/ci/release.taskfile.yaml b/ci/release.taskfile.yaml
index 4268f25..7fecb07 100644
--- a/ci/release.taskfile.yaml
+++ b/ci/release.taskfile.yaml
@@ -9,6 +9,7 @@ vars:
SSL_DIR: "ssl"
DATA_DIR: "data"
DEFAULT_EC_CURVE: "secp384r1"
+ PASS_PEPPER_SIZE: 64
tasks:
default:
@@ -69,6 +70,23 @@ tasks:
platforms: [ windows/amd64 ]
ignore_error: true
+ create-pepper:
+ desc: "Generates a new pepper for hashing passwords."
+ vars:
+ PEPPER_FILE: "secrets/password-pepper.txt"
+ cmds:
+ - cmd: mkdir secrets/
+ platforms: [ linux, darwin ]
+ ignore_error: true
+ - cmd: powershell -Command "mkdir secrets/"
+ platforms: [ windows/amd64 ]
+ ignore_error: true
+
+ - cmd: openssl rand -base64 {{.PASS_PEPPER_SIZE}} > {{.PEPPER_FILE}}
+ platforms: [ linux, darwin ]
+
+ - echo "DO NOT EVER LOSE OR UPDATE THIS FILE!"
+
create-cert:
desc: "Genereates a new self-signed TLS certificate"
cmds:
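Review bot: Re-running `create-pepper` silently replaces an existing pepper, because `openssl rand -base64 {{.PASS_PEPPER_SIZE}} > {{.PEPPER_FILE}}` truncates the file unconditionally; every password hash stored under the old pepper would then stop verifying, which is exactly what the closing echo warns against. The file is also created with whatever permissions the default umask gives, so the secret may be readable by other local users. With `PASS_PEPPER_SIZE` at 64, openssl's base64 output is 88 characters wrapped at 64 columns, so the file holds two lines; whether the secrets loader tolerates the embedded newline is not visible here and should be confirmed. On Windows the task creates the directory and prints the warning, but no command generates the file. The fence below adds a `status` guard so an existing pepper is never overwritten, and a permission step for the Unix platforms.

```yaml
  create-pepper:
    desc: "Generates a new pepper for hashing passwords."
    vars:
      PEPPER_FILE: "secrets/password-pepper.txt"
    # Task skips the commands when every status check succeeds,
    # so an existing pepper is never regenerated.
    status:
      - test -f {{.PEPPER_FILE}}
    cmds:
      # … unchanged: mkdir secrets/ for linux/darwin and windows …
      # … unchanged: openssl rand -base64 … > {{.PEPPER_FILE}} …
      # Restrict the directory and the pepper to the owning user.
      - cmd: chmod 700 secrets/ && chmod 600 {{.PEPPER_FILE}}
        platforms: [ linux, darwin ]
      # … unchanged: closing echo warning …
```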