- Clear env file at start to avoid appending duplicates when script runs multiple times - Fixes issue where proposer_id was repeated many times in /run/aitbc/secrets/.env - This was causing unwanted block production on follower nodes
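#!/bin/bash
# Load AITBC secrets from the credentials directory into a runtime .env file.
# This script is called by systemd services before the main process starts.
#
# Reads:  /etc/aitbc/credentials/<name>  (one secret per file, each optional)
#         /etc/aitbc/blockchain.env      (optional, non-sensitive settings)
# Writes: /run/aitbc/secrets/.env        (mode 600, fully replaced on each run)

set -e

# Everything created below holds secrets, so do not depend on the caller's
# umask: the directory and files must never be group/world accessible, not
# even for the short time between creation and the explicit chmod calls.
umask 077

CREDENTIALS_DIR="/etc/aitbc/credentials"
RUN_DIR="/run/aitbc/secrets"

# Create runtime directory (tmpfs, cleared on reboot)
mkdir -p "$RUN_DIR"
chmod 700 "$RUN_DIR"

# Final location of the generated .env file
ENV_FILE="$RUN_DIR/.env"

# Build the new content in a private temp file inside the same directory and
# rename it over $ENV_FILE at the end. Starting from an empty file avoids the
# duplicate entries that appending caused when the script ran several times,
# and the rename means a reader (or a second instance of this script started
# by another unit) never sees a truncated or half-written file.
TMP_FILE=$(mktemp "$RUN_DIR/.env.XXXXXX")
trap 'rm -f -- "$TMP_FILE"' EXIT

#######################################
# Append KEY=<file contents> to the temp env file if the credential exists.
# Globals:   TMP_FILE (appended to)
# Arguments: $1 - variable name to write
#            $2 - path of the credential file
# Returns:   0 if written or the file is absent, 1 if it cannot be read
#######################################
append_secret() {
  local key=$1 file=$2 value
  [ -f "$file" ] || return 0
  # A credential that exists but cannot be read must stop the service from
  # starting instead of silently producing an empty value. The message names
  # the file only, never its contents.
  value=$(cat -- "$file") || {
    printf 'Cannot read credential file %s\n' "$file" >&2
    return 1
  }
  printf '%s=%s\n' "$key" "$value" >> "$TMP_FILE"
}

append_secret "API_KEY_HASH_SECRET" "$CREDENTIALS_DIR/api_hash_secret"
append_secret "proposer_id" "$CREDENTIALS_DIR/proposer_id"
append_secret "KEYSTORE_PASSWORD" "$CREDENTIALS_DIR/keystore_password"

# Load PostgreSQL database passwords
for db_user in aitbc_user aitbc_marketplace aitbc_governance aitbc_trading aitbc_gpu aitbc_ai aitbc_mempool; do
  append_secret "POSTGRES_${db_user^^}_PASSWORD" \
    "$CREDENTIALS_DIR/postgres_${db_user}_password"
done

# Add non-sensitive config from main blockchain.env
if [ -f "/etc/aitbc/blockchain.env" ]; then
  # Skip lines that are comments or contain migrated secrets.
  # NOTE(review): only API_KEY_HASH_SECRET and proposer_id are filtered here.
  # If blockchain.env can still carry KEYSTORE_PASSWORD or POSTGRES_*_PASSWORD
  # lines they are copied through and end up after the credential-derived
  # entries - confirm those were never stored there, or extend the filter.
  # grep exits 1 when every line is filtered out; that is not an error.
  grep -v -e '^#' -e 'API_KEY_HASH_SECRET' -e 'proposer_id' \
    /etc/aitbc/blockchain.env >> "$TMP_FILE" || true
fi

# Fix the mode before the file becomes visible under its final name.
chmod 600 "$TMP_FILE"
mv -f -- "$TMP_FILE" "$ENV_FILE"

echo "Secrets loaded to $ENV_FILE"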