ci: generate auth secret in production (#1681)

* ci: generate auth secret in production * refactor: remove no longer needed auth-secret from e2e test * fix: remove static auth secret
2024-12-17 19:10:19 +01:00
parent c050ec4fe9
commit 15d47d0585
6 changed files with 19 additions and 10 deletions
--- a/scripts/run.sh
+++ b/scripts/run.sh
@@ -18,11 +18,24 @@ if [ -r /secrets/encryptionKey ]; then
    encryptionKey=$(cat /secrets/encryptionKey)
 else
    echo "Generating encryption key"
-    encryptionKey=$(node ./generateEncryptionKey.js)
+    encryptionKey=$(node ./generateRandomSecureKey.js)
    echo $encryptionKey > /secrets/encryptionKey
 fi
 export ENCRYPTION_KEY=$encryptionKey

+# Generates an auth secret if it doesn't exist and saves it to /secrets/authSecret
+# Also sets the AUTH_SECRET environment variable required for auth.js
+authSecret=""
+if [ -r /secrets/authSecret ]; then
+    echo "Auth secret already exists"
+    authSecret=$(cat /secrets/authSecret)
+else
+    echo "Generating auth secret"
+    authSecret=$(node ./generateRandomSecureKey.js)
+    echo $authSecret > /secrets/authSecret
+fi
+export AUTH_SECRET=$authSecret
+
 # Start nginx proxy
 # 1. Replace the HOSTNAME in the nginx template file
 # 2. Create the nginx configuration file from the template