PASSWORD/KEY distinction+match for secret generation #33

Merged
decentral1se merged 2 commits from new-pass-keys-generation into main 2020-11-05 14:57:40 +00:00
Owner

Working on #32 (comment).

Rules are:

  • SECRET.*PASSW.*D.*VERSION: "password", generated using pwqgen
  • SECRET.*KEY.*VERSION: "key", generated using pwgen
  • can specify # length=30 on the end of it to get a length injected
Author
Owner

Instead of the lolz PASSW.*D hack, I'm gonna include the rewrite of env vars under coop-cloud/gardening#1 along with this PR so we can go on with a cleaner slate.

Author
Owner

New parsing logic seems to be working. For passwords:

```
➜  ~ SECRET="SECRET_DB_PASSWORD_VERSION=v1 # length=15"
➜  ~ LENGTH=$(echo $SECRET | sed -e 's/.*[^0-9]\([0-9]\+\)[^0-9]*$/\1/')
➜  ~ SECRET=${SECRET%_VERSION=*}
➜  ~ SECRET=${SECRET#SECRET_}
➜  ~ echo $SECRET $LENGTH
DB_PASSWORD 15
```

And keys with same logic:

```
➜  ~ SECRET="SECRET_DB_KEY_VERSION=v1 # length=60"
➜  ~ LENGTH=$(echo $SECRET | sed -e 's/.*[^0-9]\([0-9]\+\)[^0-9]*$/\1/')
➜  ~ SECRET=${SECRET%_VERSION=*}
➜  ~ SECRET=${SECRET#SECRET_}
➜  ~ echo $SECRET $LENGTH
DB_KEY 60
```

Then I will just grep for PASSWORD/KEY to determine pwgen/pwqgen use.

Sorry for the nightmarish regex but I couldn't figure it out any simpler.

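The parsing and PASSWORD/KEY dispatch discussed in the comment above, as an added example that is not abra's code: it reads the length only from an explicit `# length=N` comment and refuses to generate when the kind or length is not recognised. The helper name `parse_secret_line`, the default of 32 and the 8 to 256 bounds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: parse_secret_line is a hypothetical helper, not abra's code.
DEFAULT_LENGTH=32          # assumption: used when no "# length=N" is present
MIN_LENGTH=8               # assumption: bounds are illustrative
MAX_LENGTH=256

# Prints "<NAME> <generator> <length>"; non-zero status means "do not generate".
parse_secret_line() (
  line=$1
  case $line in
    SECRET_*_VERSION=*) ;;
    *) return 1 ;;                       # not a secret declaration
  esac
  name=${line%%_VERSION=*}
  name=${name#SECRET_}

  # Read the length only from an explicit "# length=N" comment, so digits in
  # the version ("v1") or in the name are never mistaken for a length.
  length=$DEFAULT_LENGTH
  case $line in
    *"# length="*)
      length=${line##*"# length="}
      length=${length%%[!0-9]*}          # keep the leading run of digits
      ;;
  esac
  case $length in
    ''|????*) return 2 ;;                # missing or absurdly long number
  esac
  [ "$length" -ge "$MIN_LENGTH" ] && [ "$length" -le "$MAX_LENGTH" ] || return 2

  # PASSWORD -> pwqgen, KEY -> pwgen, as in the rules on this page.
  case $name in
    *PASSWORD*) generator=pwqgen ;;
    *KEY*)      generator=pwgen ;;
    *) return 3 ;;                       # unknown kind: refuse to guess
  esac
  printf '%s %s %s\n' "$name" "$generator" "$length"
)

# Constructed sample lines (not taken from a real app config).
while IFS= read -r l; do
  parse_secret_line "$l" || echo "skipped (status $?): $l"
done <<'EOF'
SECRET_DB_PASSWORD_VERSION=v1 # length=15
SECRET_DB_KEY_VERSION=v1
SECRET_SMTP_PASSWORD_VERSION=v2 # length=3
DOMAIN=example.com
EOF
```

Status 1 marks a line that is not a secret declaration, 2 a missing or out-of-range length, and 3 a name that matches neither PASSWORD nor KEY.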
Author
Owner
```
➜  coop-cloud-apps (main) ✔ abra app order.biobulkbende.org secret auto
Generating db_password, version: v1, length: 32
Password: broken5Adam-Cotton
Generating db_root_password, version: v1, length: 32
Password: warp=soviet-whig
Generating shared_lists_db_password, version: v1, length: 32
Password: Detail9Coal8sunny
Generating smtp_password, version: v1, length: 32
Password: Lip!Eddy4ripple
Generating key_base, version: v1, length: 30
Password: iekobuP3lahs8eiko4thieKooghiKe
➜  coop-cloud-apps (main) ✔ docker secret rm $(docker secret ls -q)
ttdx6gittpc2w7wo2n157vgyt
e3rm1d6kyias130vnzc1glt7q
x1ar2ts2kl9573ps26qknv8ik
s5prf28sgzc253ecgjre85wgc
0hy35x3ihc1zh41vxfz4agza2
```
decentral1se changed title from WIP: Use new PASSWORD/KEY distinction+match for secret generation to PASSWORD/KEY distinction+match for secret generation 2020-11-05 14:57:00 +00:00
decentral1se merged commit b75bce531b into main 2020-11-05 14:57:40 +00:00
decentral1se deleted branch new-pass-keys-generation 2020-11-06 10:20:43 +00:00