aitbc/scripts/utils/setup-credentials.py
aitbc 27312dcf2a
Standardize config files: use blockchain.env and node.env instead of .env
- Update CLI config to load from /etc/aitbc/blockchain.env
- Update operational-features.md documentation
- Update setup.sh to create/use blockchain.env
- Update utility scripts (setup-credentials, migrate_secrets, generate_unique_node_ids, chain_regen_node, load-keystore-secrets)
- Update workflow scripts (01_preflight_setup, hermes preflight setups)
- Maintain backward compatibility for existing deployments
2026-05-26 15:53:04 +02:00

49 lines
1.5 KiB
Python
Executable File

#!/usr/bin/env python3
"""
Setup systemd credentials for AITBC services
Stores secrets in /etc/aitbc/credentials with proper permissions
"""
import os
from pathlib import Path
from secrets import token_hex


def main():
    # Credentials directory is restricted to its owner (0700)
    credentials_dir = Path('/etc/aitbc/credentials')
    credentials_dir.mkdir(parents=True, exist_ok=True)
    os.chmod(credentials_dir, 0o700)

    env_file = Path('/etc/aitbc/blockchain.env')

    # Read current KEY=VALUE pairs from blockchain.env, skipping blanks and comments
    env_vars = {}
    if env_file.exists():
        with open(env_file, 'r') as f:
            for line in f:
                line = line.strip()
                if line and not line.startswith('#') and '=' in line:
                    key, value = line.split('=', 1)
                    env_vars[key.strip()] = value.strip()

    # Create credential files for sensitive values
    # (a random 32-byte hex secret is generated when a key is absent)
    credentials = {
        'api_hash_secret': env_vars.get('API_KEY_HASH_SECRET', token_hex(32)),
        'proposer_id': env_vars.get('proposer_id', ''),
        'keystore_password': env_vars.get('KEYSTORE_PASSWORD', token_hex(32)),
    }

    for name, value in credentials.items():
        if value:
            cred_file = credentials_dir / name
            # Open with mode 0600 at creation so the secret is never written to a
            # file readable under the default umask; fchmod also tightens a
            # pre-existing file before the new value is written.
            fd = os.open(cred_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f:
                os.fchmod(fd, 0o600)
                f.write(value)
            print(f"Created credential: {cred_file}")

    print(f"\nCredentials stored in: {credentials_dir}")
    print("All files have 600 permissions (root read/write only)")


if __name__ == '__main__':
    main()