diff --git a/backend/mpc-system/scripts/deploy.sh b/backend/mpc-system/scripts/deploy.sh
index 55f0ed5b..628ed204 100644
--- a/backend/mpc-system/scripts/deploy.sh
+++ b/backend/mpc-system/scripts/deploy.sh
@@ -339,6 +339,19 @@ Environment=MPC_SERVER_HTTP_PORT=8085"
 log_info "Systemd services created"
 }
 
+# ============================================
+# Generate Secure Random Keys
+# ============================================
+generate_random_password() {
+ # Generate a random 32-character alphanumeric password
+ openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32
+}
+
+generate_random_hex_key() {
+ # Generate a random 64-character hex key (256-bit)
+ openssl rand -hex 32
+}
+
 # ============================================
 # Create Environment Configuration
 # ============================================
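Review bot: `generate_random_password` reports success even when no secret was produced: the pipeline's status is that of `head`, so a missing or failing `openssl` yields an empty string with exit 0, and every caller added in this commit then writes that empty value as a password or key. The `tr -dc` filter also makes the 32-character length a probabilistic outcome of a single 32-byte draw rather than a guaranteed one. Guard on `command -v openssl`, collect output until 32 characters are available, and fail explicitly otherwise. `generate_random_hex_key` propagates openssl's status directly and needs only the same `command -v` guard.
```shell
generate_random_password() {
    # Generate a random 32-character alphanumeric password; returns 1 (and prints nothing) on failure
    local pw='' chunk=''
    command -v openssl >/dev/null 2>&1 || return 1
    # keep drawing until 32 characters are collected so the length is guaranteed
    while [ ${#pw} -lt 32 ]; do
        chunk=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9')
        [ -n "$chunk" ] || return 1
        pw+=$chunk
    done
    printf '%s' "${pw:0:32}"
}
```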
@@ -346,24 +359,33 @@ create_env_config() {
 log_info "Creating environment configuration..."
 
 if [ ! -f "$CONFIG_DIR/mpc.env" ]; then
- cat > "$CONFIG_DIR/mpc.env" << 'EOF'
+ # Generate secure random keys
+ local POSTGRES_PASS=$(generate_random_password)
+ local RABBITMQ_PASS=$(generate_random_password)
+ local JWT_SECRET=$(generate_random_password)
+ local API_KEY=$(generate_random_password)
+ local MASTER_KEY=$(generate_random_hex_key)
+
+ log_info "Generating secure random keys..."
+
+ cat > "$CONFIG_DIR/mpc.env" << EOF
 # MPC-System Environment Configuration
-# Modify these values for your production environment
+# Auto-generated secure keys - modify if needed
 
 # Environment
 ENVIRONMENT=production
 
 # PostgreSQL Database
 POSTGRES_USER=mpc_user
-POSTGRES_PASSWORD=your_secure_postgres_password_here
+POSTGRES_PASSWORD=${POSTGRES_PASS}
 MPC_DATABASE_HOST=localhost
 MPC_DATABASE_PORT=5432
 MPC_DATABASE_USER=mpc_user
-MPC_DATABASE_PASSWORD=your_secure_postgres_password_here
+MPC_DATABASE_PASSWORD=${POSTGRES_PASS}
 MPC_DATABASE_DBNAME=mpc_system
 MPC_DATABASE_SSLMODE=disable
 
-# Redis Cache
+# Redis Cache (empty = no password)
 REDIS_PASSWORD=
 MPC_REDIS_HOST=localhost
 MPC_REDIS_PORT=6379
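Review bot: The five `local NAME=$(generate_…)` lines mask the generator's exit status, so a failed or absent openssl leaves the variable empty and the heredoc silently writes `POSTGRES_PASSWORD=` (and the other keys) as empty values while the function reports success. The file is also created by `cat >` under the process umask and only later gets `chmod 600`, which is a window in which freshly written secrets may be readable by other local users. Declare and assign separately, refuse to write when any value is empty, and create the file with its final mode before any secret lands in it. Whether the generated PostgreSQL and RabbitMQ passwords are also applied to the database roles is not visible in this hunk; if `reconfigure` does not read them from mpc.env, the services will not be able to authenticate with the generated values.
```shell
        local POSTGRES_PASS RABBITMQ_PASS JWT_SECRET API_KEY MASTER_KEY v
        POSTGRES_PASS=$(generate_random_password) || exit 1
        RABBITMQ_PASS=$(generate_random_password) || exit 1
        JWT_SECRET=$(generate_random_password) || exit 1
        API_KEY=$(generate_random_password) || exit 1
        MASTER_KEY=$(generate_random_hex_key) || exit 1
        # never write the template with an empty secret
        for v in "$POSTGRES_PASS" "$RABBITMQ_PASS" "$JWT_SECRET" "$API_KEY" "$MASTER_KEY"; do
            [ -n "$v" ] || { log_error "Secret generation failed"; exit 1; }
        done
        # create the file with mode 600 before any secret is written to it
        install -m 600 -o "$MPC_USER" -g "$MPC_GROUP" /dev/null "$CONFIG_DIR/mpc.env"
        cat > "$CONFIG_DIR/mpc.env" << EOF
# … unchanged: environment template …
```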
@@ -371,23 +393,23 @@ MPC_REDIS_PASSWORD=
 
 # RabbitMQ Message Queue
 RABBITMQ_USER=mpc_user
-RABBITMQ_PASSWORD=your_secure_rabbitmq_password_here
+RABBITMQ_PASSWORD=${RABBITMQ_PASS}
 MPC_RABBITMQ_HOST=localhost
 MPC_RABBITMQ_PORT=5672
 MPC_RABBITMQ_USER=mpc_user
-MPC_RABBITMQ_PASSWORD=your_secure_rabbitmq_password_here
+MPC_RABBITMQ_PASSWORD=${RABBITMQ_PASS}
 
 # JWT Configuration
-JWT_SECRET_KEY=your_super_secure_jwt_secret_key_at_least_32_characters
-MPC_JWT_SECRET_KEY=your_super_secure_jwt_secret_key_at_least_32_characters
+JWT_SECRET_KEY=${JWT_SECRET}
+MPC_JWT_SECRET_KEY=${JWT_SECRET}
 MPC_JWT_ISSUER=mpc-system
 
-# Crypto Master Key (64 hex characters = 256-bit key)
-CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-MPC_CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+# Crypto Master Key (64 hex characters = 256-bit key for encrypting key shares)
+CRYPTO_MASTER_KEY=${MASTER_KEY}
+MPC_CRYPTO_MASTER_KEY=${MASTER_KEY}
 
 # API Security
-MPC_API_KEY=your_very_secure_api_key_at_least_32_characters
+MPC_API_KEY=${API_KEY}
 ALLOWED_IPS=192.168.1.111
 
 # Server Configuration
@@ -403,13 +425,46 @@ EOF
 chmod 600 "$CONFIG_DIR/mpc.env"
 chown "$MPC_USER:$MPC_GROUP" "$CONFIG_DIR/mpc.env"
 
- log_warn "Environment file created at $CONFIG_DIR/mpc.env"
- log_warn "Please edit this file with your production values before starting services!"
+ log_info "Environment file created with auto-generated secure keys"
+ log_info "Keys saved to: $CONFIG_DIR/mpc.env"
 else
 log_info "Environment file already exists"
 fi
 }
 
+# ============================================
+# Regenerate Keys (for existing installation)
+# ============================================
+regenerate_keys() {
+ check_root
+
+ log_info "Regenerating secure keys..."
+
+ local MASTER_KEY=$(generate_random_hex_key)
+ local JWT_SECRET=$(generate_random_password)
+ local API_KEY=$(generate_random_password)
+
+ # Update only the keys that might have placeholder values
+ if [ -f "$CONFIG_DIR/mpc.env" ]; then
+ # Replace placeholder master key patterns
+ sed -i "s/your_64_hex_characters_master_key_here/${MASTER_KEY}/g" "$CONFIG_DIR/mpc.env"
+ sed -i "s/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef/${MASTER_KEY}/g" "$CONFIG_DIR/mpc.env"
+
+ # Replace placeholder JWT key
+ sed -i "s/your_super_secure_jwt_secret_key_at_least_32_characters/${JWT_SECRET}/g" "$CONFIG_DIR/mpc.env"
+
+ # Replace placeholder API key
+ sed -i "s/your_very_secure_api_key_at_least_32_characters/${API_KEY}/g" "$CONFIG_DIR/mpc.env"
+
+ log_info "Keys regenerated successfully"
+ log_info "New MASTER_KEY: ${MASTER_KEY:0:16}... (hidden)"
+ log_info "Restart services with: $0 restart"
+ else
+ log_error "Environment file not found: $CONFIG_DIR/mpc.env"
+ exit 1
+ fi
+}
+
 # ============================================
 # Service Control Functions
 # ============================================
@@ -701,6 +756,9 @@ case "${1:-}" in
 reconfigure)
 reconfigure
 ;;
+ regenerate-keys)
+ regenerate_keys
+ ;;
 debug)
 debug
 ;;
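Review bot: `log_info "New MASTER_KEY: ${MASTER_KEY:0:16}... (hidden)"` in regenerate_keys writes the first 16 hex digits — 64 bits of the 256-bit master key that encrypts key shares — to the deployment log, which is key material exposure rather than a hidden value; log that the key was rotated, not any part of it. The `local X=$(…)` assignments above it also mask a failed generator, and an empty `MASTER_KEY` makes the two sed lines replace the placeholder with nothing, so the file ends up with `CRYPTO_MASTER_KEY=` while "Keys regenerated successfully" is still logged; likewise nothing reports when no placeholder matched and the file was left untouched. Declare and assign separately, refuse to touch the file when any value is empty, and consider a `grep -q` for the placeholder patterns before claiming success. The generated values are hex or alphanumeric only, so interpolating them into the sed expressions is safe as written.
```shell
    local MASTER_KEY JWT_SECRET API_KEY
    MASTER_KEY=$(generate_random_hex_key)
    JWT_SECRET=$(generate_random_password)
    API_KEY=$(generate_random_password)
    if [ -z "$MASTER_KEY" ] || [ -z "$JWT_SECRET" ] || [ -z "$API_KEY" ]; then
        log_error "Key generation failed; $CONFIG_DIR/mpc.env left unchanged"
        exit 1
    fi
    # … unchanged: file-exists check and placeholder sed replacements …
        log_info "Keys regenerated successfully"
        log_info "Restart services with: $0 restart"
```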
@@ -725,31 +783,32 @@ case "${1:-}" in
 *)
 echo "MPC-System Deployment Script"
 echo ""
- echo "Usage: $0 {install|build|reconfigure|debug|start|stop|restart|status|logs|uninstall}"
+ echo "Usage: $0 {install|build|reconfigure|regenerate-keys|debug|start|stop|restart|status|logs|uninstall}"
 echo ""
 echo "Commands:"
- echo " install - Install system dependencies (Go, PostgreSQL, Redis, RabbitMQ)"
- echo " build - Build services and configure infrastructure"
- echo " reconfigure - Reconfigure PostgreSQL/Redis/RabbitMQ (fix auth issues)"
- echo " debug - Show debug information and test connections"
- echo " start - Start all MPC services"
- echo " stop - Stop all MPC services"
- echo " restart - Restart all MPC services"
- echo " status - Show service status"
- echo " logs - View service logs (use: $0 logs [service-name])"
- echo " uninstall - Remove MPC services"
+ echo " install - Install system dependencies (Go, PostgreSQL, Redis, RabbitMQ)"
+ echo " build - Build services and configure infrastructure"
+ echo " reconfigure - Reconfigure PostgreSQL/Redis/RabbitMQ (fix auth issues)"
+ echo " regenerate-keys - Regenerate secure keys (fix placeholder key issues)"
+ echo " debug - Show debug information and test connections"
+ echo " start - Start all MPC services"
+ echo " stop - Stop all MPC services"
+ echo " restart - Restart all MPC services"
+ echo " status - Show service status"
+ echo " logs - View service logs (use: $0 logs [service-name])"
+ echo " uninstall - Remove MPC services"
 echo ""
 echo "Example:"
- echo " $0 install # First time setup"
- echo " vim $CONFIG_DIR/mpc.env # Edit configuration"
+ echo " $0 install # First time setup (auto-generates secure keys)"
 echo " $0 build # Build and configure"
 echo " $0 start # Start services"
 echo " $0 status # Check status"
 echo ""
 echo "Troubleshooting:"
- echo " $0 debug # Show debug info and test DB connection"
- echo " $0 reconfigure # Fix database authentication issues"
- echo " $0 restart # Then restart services"
+ echo " $0 debug # Show debug info and test DB connection"
+ echo " $0 reconfigure # Fix database authentication issues"
+ echo " $0 regenerate-keys # Fix 'Invalid master key format' errors"
+ echo " $0 restart # Then restart services"
 echo ""
 exit 1
 ;;
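Review bot: Dropping `echo " vim $CONFIG_DIR/mpc.env # Edit configuration"` from the Example section removes the only prompt to review the generated file, yet the template that create_env_config writes still carries fixed per-deployment values such as `ALLOWED_IPS=192.168.1.111` and `MPC_DATABASE_SSLMODE=disable` that an operator must adjust before exposing the services. Keep an explicit review step, for example `echo " $0 install # First time setup (auto-generates secure keys; then review $CONFIG_DIR/mpc.env)"`, so the new automation does not read as "nothing left to configure". The enclosing `case` statement starts outside the hunk.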