TrueCloudLab/certificates
17
0
Fork 2
Code Issues 1 Pull requests 1 Releases Activity Actions

Auto-generate password by default

Browse source
This commit is contained in:
Carl Tashian 2021-08-18 11:09:26 -07:00
parent 8d52379771
commit 7ab26c8303
1 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
docker/entrypoint.sh
View file

@ -8,10 +8,11 @@ set -eo pipefail
export STEPPATH=$(step path) export STEPPATH=$(step path)
# List of env vars required for step ca init # List of env vars required for step ca init
declare -ra REQUIRED_INIT_VARS=(DOCKER_STEPCA_INIT_NAME DOCKER_STEPCA_INIT_DNS DOCKER_STEPCA_INIT_EMAIL DOCKER_STEPCA_INIT_PASSWORD) declare -ra REQUIRED_INIT_VARS=(DOCKER_STEPCA_INIT_NAME DOCKER_STEPCA_INIT_DNS DOCKER_STEPCA_INIT_EMAIL)
# optional: # optional:
# DOCKER_STEPCA_INIT_SSH (boolean default false) # DOCKER_STEPCA_INIT_PASSWORD (initial CA password)
# DOCKER_STEPCA_INIT_SSH (boolean: given a non-empty value, create an SSH CA)
# Ensure all env vars required to run step ca init are set. # Ensure all env vars required to run step ca init are set.
function init_if_possible () { function init_if_possible () {
@ -28,9 +29,19 @@ function init_if_possible () {
fi fi
} }
function generate_password () {
set +o pipefail
< /dev/urandom tr -dc A-Za-z0-9 | head -c40
set -o pipefail
}
# Initialize a CA if not already initialized # Initialize a CA if not already initialized
function step_ca_init () { function step_ca_init () {
echo "${DOCKER_STEPCA_INIT_PASSWORD}" > "${STEPPATH}/password" if [ -n "${DOCKER_STEPCA_INIT_PASSWORD}" ]; then
echo -n "${DOCKER_STEPCA_INIT_PASSWORD}" > "${STEPPATH}/password"
else
generate_password > "${STEPPATH}/password"
fi
local -a setup_args=( local -a setup_args=(
--name "${DOCKER_STEPCA_INIT_NAME}" --name "${DOCKER_STEPCA_INIT_NAME}"
--dns "${DOCKER_STEPCA_INIT_DNS}" --dns "${DOCKER_STEPCA_INIT_DNS}"