3333
3434insert_secret () {
3535 localSecret=" ${secret:- $(generate_secret)} "
36+ # For any group of yaml paths passed add the same (!) password.
3637 for key in " $@ " ; do
3738 localSecret=" $localSecret " " $key = strenv(localSecret)"
3839 done
40+ # Do not remove this 'secret=' line! It ensures that subsequent replacements get a unique password.
41+ secret=
3942}
4043
41- insert_secret " .mongodb.auth.replicaSetKey"
42- insert_secret " .mongodb.auth.rootPassword"
43- insert_secret " .mongodb.auth.passwords[0]"
44+ # -- Groups of shared passwords
4445
45- insert_secret " .graylog.graylog.rootPassword"
46- insert_secret " .kube_prometheus_stack.kube-prometheus-stack.grafana.adminPassword"
47-
48- nginx_auth_password=$( generate_secret)
49- secret=" thehyve:$( echo $nginx_auth_password | openssl passwd -apr1 -stdin) " " .kube_prometheus_stack.nginx_auth"
50- comment=" username: thehyve, password: $nginx_auth_password " " .kube_prometheus_stack.nginx_auth line_comment |= strenv(comment)"
51-
52- insert_secret " .kafka_manager.basicAuth.password"
53-
54- # Shared postgresql secret
46+ # Management portal postgres database
5547insert_secret \
5648 " .postgresql.global.postgresql.auth.postgresPassword"
5749 " .postgresql.auth.replicationPassword"
5850 " .management_portal.postgres.password"
5951 " .app_config.jdbc.password"
6052 " .radar_rest_sources_backend.postgres.password"
6153
62- insert_secret " .management_portal.managementportal.common_admin_password"
63- insert_secret " .management_portal.managementportal.frontend_client_secret"
64- insert_secret " .management_portal.oauth_clients.radar_upload_backend.client_secret"
65- insert_secret " .management_portal.oauth_clients.radar_upload_connect.client_secret"
66- insert_secret " .management_portal.oauth_clients.radar_rest_sources_auth_backend.client_secret"
67- insert_secret " .management_portal.oauth_clients.radar_redcap_integrator.client_secret"
68- insert_secret " .management_portal.oauth_clients.radar_fitbit_connector.client_secret"
69- insert_secret " .management_portal.oauth_clients.radar_appconfig.client_secret"
70- insert_secret " .management_portal.oauth_clients.radar_push_endpoint.client_secret"
71-
54+ # Appserver postgres database
7255insert_secret \
7356 " .radar_appserver_postgresql.global.postgresql.auth.postgresPassword"
7457 " .radar_appserver_postgresql.auth.replicationPassword"
7558 " .radar_appserver.postgres.password"
7659
77- insert_secret " .timescaledb_password"
78- insert_secret " .grafana_password"
79- insert_secret " .grafana_metrics_password"
80-
81- insert_secret " .s3_access_key"
82- insert_secret " .s3_secret_key"
60+ # --
8361
84- insert_secret " .radar_upload_postgres_password"
62+ # The NGINX password for prometheus follows a pattern different from others.
63+ nginx_auth_password=$( generate_secret)
64+ secret=" thehyve:$( echo $nginx_auth_password | openssl passwd -apr1 -stdin) " " .kube_prometheus_stack.nginx_auth"
65+ comment=" username: thehyve, password: $nginx_auth_password " " .kube_prometheus_stack.nginx_auth line_comment |= strenv(comment)"
8566
86- echo " Passwords and secrets have been generated successfully."
67+ # Generate secrets for all remaining fields with value 'secret'.
68+ replacements=$( yq e ' .. | select(. == "secret") | [(path | "."+join("."))] | join(" ")' ) ;
69+ for key in $replacements ; do
70+ insert_secret $key
71+ done
0 commit comments