diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-12-24 23:58:38 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-12-24 23:58:38 +0100 |
| commit | 11f87a3cd2c16a21fdd93690b35cd7bac4c21f85 (patch) | |
| tree | 85b3b6a5776d2291b00c341fd157abf3df0567ed | |
| parent | 8d17a07c9be5cd9d400644c34ea50177535d15f6 (diff) | |
| download | nixcfg-11f87a3cd2c16a21fdd93690b35cd7bac4c21f85.tar.gz nixcfg-11f87a3cd2c16a21fdd93690b35cd7bac4c21f85.zip | |
staging: add missing secrets, update exiting ones to autogen/autorotate
8 files changed, 8 insertions, 4 deletions
diff --git a/cluster/staging/app/core/secrets/d53/gandi_api_key b/cluster/staging/app/core/secrets/d53/gandi_api_key new file mode 100644 index 0000000..b3936c9 --- /dev/null +++ b/cluster/staging/app/core/secrets/d53/gandi_api_key @@ -0,0 +1 @@ +USER Gandi API key diff --git a/cluster/staging/app/garage/secrets/garage-staging/admin_token b/cluster/staging/app/garage/secrets/garage-staging/admin_token new file mode 100644 index 0000000..5fa4e3c --- /dev/null +++ b/cluster/staging/app/garage/secrets/garage-staging/admin_token @@ -0,0 +1 @@ +CMD openssl rand -hex 32 diff --git a/cluster/staging/app/garage/secrets/garage-staging/metrics_token b/cluster/staging/app/garage/secrets/garage-staging/metrics_token new file mode 100644 index 0000000..5fa4e3c --- /dev/null +++ b/cluster/staging/app/garage/secrets/garage-staging/metrics_token @@ -0,0 +1 @@ +CMD openssl rand -hex 32 diff --git a/cluster/staging/app/garage/secrets/garage-staging/rpc_secret b/cluster/staging/app/garage/secrets/garage-staging/rpc_secret index d831d53..5fa4e3c 100644 --- a/cluster/staging/app/garage/secrets/garage-staging/rpc_secret +++ b/cluster/staging/app/garage/secrets/garage-staging/rpc_secret @@ -1 +1 @@ -CMD_ONCE openssl rand -hex 32 +CMD openssl rand -hex 32 diff --git a/cluster/staging/app/im/secrets/synapse/form_secret b/cluster/staging/app/im/secrets/synapse/form_secret index 37cf6ed..f601137 100644 --- a/cluster/staging/app/im/secrets/synapse/form_secret +++ b/cluster/staging/app/im/secrets/synapse/form_secret @@ -1 +1 @@ -USER Synapse's `form_secret` configuration parameter +CMD openssl rand -base64 42 diff --git a/cluster/staging/app/im/secrets/synapse/macaroon_secret_key b/cluster/staging/app/im/secrets/synapse/macaroon_secret_key index 5f7f959..f601137 100644 --- a/cluster/staging/app/im/secrets/synapse/macaroon_secret_key +++ b/cluster/staging/app/im/secrets/synapse/macaroon_secret_key @@ -1 +1 @@ -USER Synapse's `macaroon_secret_key` parameter +CMD openssl rand -base64 42 diff --git a/cluster/staging/app/im/secrets/synapse/registration_shared_secret b/cluster/staging/app/im/secrets/synapse/registration_shared_secret index 60edd0e..f601137 100644 --- a/cluster/staging/app/im/secrets/synapse/registration_shared_secret +++ b/cluster/staging/app/im/secrets/synapse/registration_shared_secret @@ -1 +1 @@ -USER Synapse's `registration_shared_secret` parameter +CMD openssl rand -base64 42 diff --git a/secretmgr/secretmgr b/secretmgr/secretmgr index 3c0ec08..0595f81 100755 --- a/secretmgr/secretmgr +++ b/secretmgr/secretmgr @@ -379,3 +379,4 @@ if __name__ == "__main__": print(" secretmgr.py [check|gen|regen] <module name>...") +# vim: set sts=4 ts=4 sw=4 tw=0 ft=python et : |