ci: generate auth secret in production (#1681)

* ci: generate auth secret in production

* refactor: remove no longer needed auth-secret from e2e test

* fix: remove static auth secret

scripts/generateRandomSecureKey.js

@@ -1,6 +1,6 @@
-// This script generates a random encryption key
-// This key is used to encrypt and decrypt the integration secrets
-// In production it is generated in run.sh and stored in the environment variable ENCRYPTION_KEY
+// This script generates a random secure key with a length of 64 characters
+// This key is used to encrypt and decrypt the integration secrets for auth.js
+// In production it is generated in run.sh and stored in the environment variables ENCRYPTION_KEY / AUTH_SECRET
 // during runtime, it's also stored in a file.
 
 const crypto = require("crypto");

scripts/run.sh

@@ -18,11 +18,24 @@ if [ -r /secrets/encryptionKey ]; then
     encryptionKey=$(cat /secrets/encryptionKey)
 else
     echo "Generating encryption key"
-    encryptionKey=$(node ./generateEncryptionKey.js)
+    encryptionKey=$(node ./generateRandomSecureKey.js)
     echo $encryptionKey > /secrets/encryptionKey
 fi
 export ENCRYPTION_KEY=$encryptionKey
 
+# Generates an auth secret if it doesn't exist and saves it to /secrets/authSecret
+# Also sets the AUTH_SECRET environment variable required for auth.js
+authSecret=""
+if [ -r /secrets/authSecret ]; then
+    echo "Auth secret already exists"
+    authSecret=$(cat /secrets/authSecret)
+else
+    echo "Generating auth secret"
+    authSecret=$(node ./generateRandomSecureKey.js)
+    echo $authSecret > /secrets/authSecret
+fi
+export AUTH_SECRET=$authSecret
+
 # Start nginx proxy
 # 1. Replace the HOSTNAME in the nginx template file
 # 2. Create the nginx configuration file from the template