oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity
Files
bfcc8e3663af7df985bfeff7c9c6dbdfbd8d18a1
aitbc/scripts/utils/setup-credentials.py
aitbc 04852fc480
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 19s
Details
Blockchain Synchronization Verification / sync-verification (push) Failing after 2s
Details
Integration Tests / test-service-integration (push) Successful in 3m1s
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Failing after 7s
Details
P2P Network Verification / p2p-verification (push) Successful in 9s
Details
Python Tests / test-python (push) Successful in 28s
Details
Security Scanning / security-scan (push) Successful in 55s
Details
Systemd Sync / sync-systemd (push) Successful in 17s
Details
security: enforce required API_KEY_HASH_SECRET and migrate keystore password to credential system 
Remove default fallback for API_KEY_HASH_SECRET in tenant context middleware and management service, requiring explicit environment variable configuration. Migrate keystore password handling from /etc/aitbc/keystore_password to /etc/aitbc/credentials/keystore_password with 600 permissions. Add load-keystore-secrets.sh pre-start hook and /run/aitbc/secrets/.env environment file to blockchain-node, blockchain
2026-04-28 07:29:51 +02:00

49 lines
1.5 KiB
Python
Executable File
Raw Blame History

#!/usr/bin/env python3
"""
Setup systemd credentials for AITBC services
Stores secrets in /etc/aitbc/credentials with proper permissions
"""
import sys
import os
from pathlib import Path
from secrets import token_hex
def main():
credentials_dir = Path('/etc/aitbc/credentials')
credentials_dir.mkdir(parents=True, exist_ok=True)
os.chmod(credentials_dir, 0o700)
env_file = Path('/etc/aitbc/.env')
# Read current .env values
env_vars = {}
if env_file.exists():
with open(env_file, 'r') as f:
for line in f:
line = line.strip()
if line and not line.startswith('#') and '=' in line:
key, value = line.split('=', 1)
env_vars[key.strip()] = value.strip()
# Create credential files for sensitive values
credentials = {
'api_hash_secret': env_vars.get('API_KEY_HASH_SECRET', token_hex(32)),
'proposer_id': env_vars.get('proposer_id', ''),
'keystore_password': env_vars.get('KEYSTORE_PASSWORD', token_hex(32)),
}
for name, value in credentials.items():
if value:
cred_file = credentials_dir / name
with open(cred_file, 'w') as f:
f.write(value)
os.chmod(cred_file, 0o600)
print(f"Created credential: {cred_file}")
print(f"\nCredentials stored in: {credentials_dir}")
print("All files have 600 permissions (root read/write only)")
if __name__ == '__main__':
main()
Reference in New Issue View Git Blame Copy Permalink