initial
This commit is contained in:
Senko-san
@@ -0,0 +1,22 @@
|
||||
# Secret generation. Secrets are generated, never requested from the user,
|
||||
# and never printed. URL-safe alphanumerics only (avoid shell/URL/env quoting
|
||||
# pitfalls in .env and connection strings).
|
||||
#
|
||||
# Note: we deliberately avoid `... | head -c N` here. Under `set -o pipefail`
|
||||
# head closes the pipe early, the upstream producer dies with SIGPIPE, and the
|
||||
# whole script would abort. Instead we read a full chunk and slice in bash.
|
||||
|
||||
# gen_secret [LENGTH] — alphanumeric token, default 32 chars. Sets SECRET.
|
||||
gen_secret() {
|
||||
local len="${1:-32}" raw=""
|
||||
while ((${#raw} < len)); do
|
||||
# openssl finishes before tr reads EOF — no early pipe close.
|
||||
raw+="$(openssl rand -base64 $((len + 16)) | LC_ALL=C tr -dc 'A-Za-z0-9')"
|
||||
done
|
||||
SECRET="${raw:0:len}"
|
||||
}
|
||||
|
||||
# gen_hex BYTES — hex string (e.g. JWT secret). Sets SECRET.
|
||||
gen_hex() {
|
||||
SECRET="$(openssl rand -hex "${1:-32}")"
|
||||
}
|
||||
Reference in New Issue
Block a user