hailin
/
rwadurian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: auto-generate secure keys and add regenerate-keys command 

- create_env_config() now auto-generates random secure keys:
  - PostgreSQL password (32 char alphanumeric)
  - RabbitMQ password (32 char alphanumeric)
  - JWT secret (32 char alphanumeric)
  - API key (32 char alphanumeric)
  - Master key (64 hex chars = 256-bit)
- Add regenerate-keys command to fix placeholder key issues
- Fixes "Invalid master key format" error for server-party services

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Developer 2025-12-02 00:39:12 -08:00
parent ec9366186c
commit ee398534bb
1 changed files with 90 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
backend/mpc-system/scripts/deploy.sh
View File

@ -339,6 +339,19 @@ Environment=MPC_SERVER_HTTP_PORT=8085"
log_info "Systemd services created" log_info "Systemd services created"
} }
# ============================================
# Generate Secure Random Keys
# ============================================
generate_random_password() {
# Generate a random 32-character alphanumeric password
openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32
}
generate_random_hex_key() {
# Generate a random 64-character hex key (256-bit)
openssl rand -hex 32
}
# ============================================ # ============================================
# Create Environment Configuration # Create Environment Configuration
# ============================================ # ============================================
@ -346,24 +359,33 @@ create_env_config() {
log_info "Creating environment configuration..." log_info "Creating environment configuration..."
if [ ! -f "$CONFIG_DIR/mpc.env" ]; then if [ ! -f "$CONFIG_DIR/mpc.env" ]; then
cat > "$CONFIG_DIR/mpc.env" << 'EOF' # Generate secure random keys
local POSTGRES_PASS=$(generate_random_password)
local RABBITMQ_PASS=$(generate_random_password)
local JWT_SECRET=$(generate_random_password)
local API_KEY=$(generate_random_password)
local MASTER_KEY=$(generate_random_hex_key)
log_info "Generating secure random keys..."
cat > "$CONFIG_DIR/mpc.env" << EOF
# MPC-System Environment Configuration # MPC-System Environment Configuration
# Modify these values for your production environment # Auto-generated secure keys - modify if needed
# Environment # Environment
ENVIRONMENT=production ENVIRONMENT=production
# PostgreSQL Database # PostgreSQL Database
POSTGRES_USER=mpc_user POSTGRES_USER=mpc_user
POSTGRES_PASSWORD=your_secure_postgres_password_here POSTGRES_PASSWORD=${POSTGRES_PASS}
MPC_DATABASE_HOST=localhost MPC_DATABASE_HOST=localhost
MPC_DATABASE_PORT=5432 MPC_DATABASE_PORT=5432
MPC_DATABASE_USER=mpc_user MPC_DATABASE_USER=mpc_user
MPC_DATABASE_PASSWORD=your_secure_postgres_password_here MPC_DATABASE_PASSWORD=${POSTGRES_PASS}
MPC_DATABASE_DBNAME=mpc_system MPC_DATABASE_DBNAME=mpc_system
MPC_DATABASE_SSLMODE=disable MPC_DATABASE_SSLMODE=disable
# Redis Cache # Redis Cache (empty = no password)
REDIS_PASSWORD= REDIS_PASSWORD=
MPC_REDIS_HOST=localhost MPC_REDIS_HOST=localhost
MPC_REDIS_PORT=6379 MPC_REDIS_PORT=6379
@ -371,23 +393,23 @@ MPC_REDIS_PASSWORD=
# RabbitMQ Message Queue # RabbitMQ Message Queue
RABBITMQ_USER=mpc_user RABBITMQ_USER=mpc_user
RABBITMQ_PASSWORD=your_secure_rabbitmq_password_here RABBITMQ_PASSWORD=${RABBITMQ_PASS}
MPC_RABBITMQ_HOST=localhost MPC_RABBITMQ_HOST=localhost
MPC_RABBITMQ_PORT=5672 MPC_RABBITMQ_PORT=5672
MPC_RABBITMQ_USER=mpc_user MPC_RABBITMQ_USER=mpc_user
MPC_RABBITMQ_PASSWORD=your_secure_rabbitmq_password_here MPC_RABBITMQ_PASSWORD=${RABBITMQ_PASS}
# JWT Configuration # JWT Configuration
JWT_SECRET_KEY=your_super_secure_jwt_secret_key_at_least_32_characters JWT_SECRET_KEY=${JWT_SECRET}
MPC_JWT_SECRET_KEY=your_super_secure_jwt_secret_key_at_least_32_characters MPC_JWT_SECRET_KEY=${JWT_SECRET}
MPC_JWT_ISSUER=mpc-system MPC_JWT_ISSUER=mpc-system
# Crypto Master Key (64 hex characters = 256-bit key) # Crypto Master Key (64 hex characters = 256-bit key for encrypting key shares)
CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef CRYPTO_MASTER_KEY=${MASTER_KEY}
MPC_CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef MPC_CRYPTO_MASTER_KEY=${MASTER_KEY}
# API Security # API Security
MPC_API_KEY=your_very_secure_api_key_at_least_32_characters MPC_API_KEY=${API_KEY}
ALLOWED_IPS=192.168.1.111 ALLOWED_IPS=192.168.1.111
# Server Configuration # Server Configuration
@ -403,13 +425,46 @@ EOF
chmod 600 "$CONFIG_DIR/mpc.env" chmod 600 "$CONFIG_DIR/mpc.env"
chown "$MPC_USER:$MPC_GROUP" "$CONFIG_DIR/mpc.env" chown "$MPC_USER:$MPC_GROUP" "$CONFIG_DIR/mpc.env"
log_warn "Environment file created at $CONFIG_DIR/mpc.env" log_info "Environment file created with auto-generated secure keys"
log_warn "Please edit this file with your production values before starting services!" log_info "Keys saved to: $CONFIG_DIR/mpc.env"
else else
log_info "Environment file already exists" log_info "Environment file already exists"
fi fi
} }
# ============================================
# Regenerate Keys (for existing installation)
# ============================================
regenerate_keys() {
check_root
log_info "Regenerating secure keys..."
local MASTER_KEY=$(generate_random_hex_key)
local JWT_SECRET=$(generate_random_password)
local API_KEY=$(generate_random_password)
# Update only the keys that might have placeholder values
if [ -f "$CONFIG_DIR/mpc.env" ]; then
# Replace placeholder master key patterns
sed -i "s/your_64_hex_characters_master_key_here/${MASTER_KEY}/g" "$CONFIG_DIR/mpc.env"
sed -i "s/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef/${MASTER_KEY}/g" "$CONFIG_DIR/mpc.env"
# Replace placeholder JWT key
sed -i "s/your_super_secure_jwt_secret_key_at_least_32_characters/${JWT_SECRET}/g" "$CONFIG_DIR/mpc.env"
# Replace placeholder API key
sed -i "s/your_very_secure_api_key_at_least_32_characters/${API_KEY}/g" "$CONFIG_DIR/mpc.env"
log_info "Keys regenerated successfully"
log_info "New MASTER_KEY: ${MASTER_KEY:0:16}... (hidden)"
log_info "Restart services with: $0 restart"
else
log_error "Environment file not found: $CONFIG_DIR/mpc.env"
exit 1
fi
}
# ============================================ # ============================================
# Service Control Functions # Service Control Functions
# ============================================ # ============================================
@ -701,6 +756,9 @@ case "${1:-}" in
reconfigure) reconfigure)
reconfigure reconfigure
;; ;;
regenerate-keys)
regenerate_keys
;;
debug) debug)
debug debug
;; ;;
@ -725,31 +783,32 @@ case "${1:-}" in
*) *)
echo "MPC-System Deployment Script" echo "MPC-System Deployment Script"
echo "" echo ""
echo "Usage: $0 {install|build|reconfigure|debug|start|stop|restart|status|logs|uninstall}" echo "Usage: $0 {install|build|reconfigure|regenerate-keys|debug|start|stop|restart|status|logs|uninstall}"
echo "" echo ""
echo "Commands:" echo "Commands:"
echo " install - Install system dependencies (Go, PostgreSQL, Redis, RabbitMQ)" echo " install - Install system dependencies (Go, PostgreSQL, Redis, RabbitMQ)"
echo " build - Build services and configure infrastructure" echo " build - Build services and configure infrastructure"
echo " reconfigure - Reconfigure PostgreSQL/Redis/RabbitMQ (fix auth issues)" echo " reconfigure - Reconfigure PostgreSQL/Redis/RabbitMQ (fix auth issues)"
echo " debug - Show debug information and test connections" echo " regenerate-keys - Regenerate secure keys (fix placeholder key issues)"
echo " start - Start all MPC services" echo " debug - Show debug information and test connections"
echo " stop - Stop all MPC services" echo " start - Start all MPC services"
echo " restart - Restart all MPC services" echo " stop - Stop all MPC services"
echo " status - Show service status" echo " restart - Restart all MPC services"
echo " logs - View service logs (use: $0 logs [service-name])" echo " status - Show service status"
echo " uninstall - Remove MPC services" echo " logs - View service logs (use: $0 logs [service-name])"
echo " uninstall - Remove MPC services"
echo "" echo ""
echo "Example:" echo "Example:"
echo " $0 install # First time setup" echo " $0 install # First time setup (auto-generates secure keys)"
echo " vim $CONFIG_DIR/mpc.env # Edit configuration"
echo " $0 build # Build and configure" echo " $0 build # Build and configure"
echo " $0 start # Start services" echo " $0 start # Start services"
echo " $0 status # Check status" echo " $0 status # Check status"
echo "" echo ""
echo "Troubleshooting:" echo "Troubleshooting:"
echo " $0 debug # Show debug info and test DB connection" echo " $0 debug # Show debug info and test DB connection"
echo " $0 reconfigure # Fix database authentication issues" echo " $0 reconfigure # Fix database authentication issues"
echo " $0 restart # Then restart services" echo " $0 regenerate-keys # Fix 'Invalid master key format' errors"
echo " $0 restart # Then restart services"
echo "" echo ""
exit 1 exit 1
;; ;;