Merge pull request #193 from ericchiang/base64

*: trim newlines from base64 command for Linux compatibility
Eric Chiang 2015-12-02 09:33:08 -08:00
commit 1c0e59a5b4
2 changed files with 4 additions and 4 deletions


@ -41,7 +41,7 @@ The build script will build all dex components.
dex needs a 32 byte base64-encoded key which will be used to encrypt the private keys in the database. A good way to generate the key is to read from /dev/random: dex needs a 32 byte base64-encoded key which will be used to encrypt the private keys in the database. A good way to generate the key is to read from /dev/random:
`DEX_KEY_SECRET=$(dd if=/dev/random bs=1 count=32 2>/dev/null | base64)` `DEX_KEY_SECRET=$(dd if=/dev/random bs=1 count=32 2>/dev/null | base64 | tr -d '\n')`
The dex overlord and workers allow multiple key secrets (separated by commas) to be passed but only the first will be used to encrypt data; the rest are there for decryption only; this scheme allows for the rotation of keys without downtime (assuming a rolling restart of workers). The dex overlord and workers allow multiple key secrets (separated by commas) to be passed but only the first will be used to encrypt data; the rest are there for decryption only; this scheme allows for the rotation of keys without downtime (assuming a rolling restart of workers).
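Review bot: on the `DEX_KEY_SECRET` line the added `tr -d '\n'` changes nothing. 32 bytes encode to 44 base64 characters, which is under the 76-column default wrap of GNU `base64`, and `$(...)` already strips the trailing newline. Keeping it for consistency with the 128-byte admin secret is reasonable, but say so in the commit message or the doc text so a reader does not conclude that the 32-byte key was previously broken on Linux.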
@ -49,7 +49,7 @@ The dex overlord and workers allow multiple key secrets (separated by commas) to
The dex overlord has a an API which is very powerful - you can create Admin users with it, so it needs to be protected somehow. This is accomplished by requiring that a secret is passed via the Authorization header of each request. This secret is 128 bytes base64 encoded, and should be sufficiently random so as to make guessing impractical: The dex overlord has a an API which is very powerful - you can create Admin users with it, so it needs to be protected somehow. This is accomplished by requiring that a secret is passed via the Authorization header of each request. This secret is 128 bytes base64 encoded, and should be sufficiently random so as to make guessing impractical:
`DEX_OVERLORD_ADMIN_API_SECRET=$(dd if=/dev/random bs=1 count=128 2>/dev/null | base64)` `DEX_OVERLORD_ADMIN_API_SECRET=$(dd if=/dev/random bs=1 count=128 2>/dev/null | base64 | tr -d '\n')`
# Start the overlord # Start the overlord
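Review bot: missing explanation on the `DEX_OVERLORD_ADMIN_API_SECRET` line: the paragraph above it does not say why the output is now piped through `tr -d '\n'`. 128 bytes encode to 172 base64 characters, and GNU `base64` wraps at 76 columns by default, so without the `tr` the secret contains embedded newlines and cannot be sent as a single Authorization header value. Add one sentence stating that, so the `tr` is not dropped later as apparent noise.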


@ -25,13 +25,13 @@ export DEX_WORKER_DB_URL=$DEX_DB_URL
dropdb $DEX_DB; createdb $DEX_DB dropdb $DEX_DB; createdb $DEX_DB
DEX_KEY_SECRET=$(dd if=/dev/random bs=1 count=32 2>/dev/null | base64) DEX_KEY_SECRET=$(dd if=/dev/random bs=1 count=32 2>/dev/null | base64 | tr -d '\n')
# Start the overlord # Start the overlord
export DEX_OVERLORD_DB_URL=$DEX_DB_URL export DEX_OVERLORD_DB_URL=$DEX_DB_URL
export DEX_OVERLORD_KEY_SECRETS=$DEX_KEY_SECRET export DEX_OVERLORD_KEY_SECRETS=$DEX_KEY_SECRET
export DEX_OVERLORD_KEY_PERIOD=1h export DEX_OVERLORD_KEY_PERIOD=1h
export DEX_OVERLORD_ADMIN_API_SECRET=$(dd if=/dev/random bs=1 count=128 2>/dev/null | base64) export DEX_OVERLORD_ADMIN_API_SECRET=$(dd if=/dev/random bs=1 count=128 2>/dev/null | base64 | tr -d '\n')
./bin/dex-overlord & ./bin/dex-overlord &
echo "Waiting for overlord to start..." echo "Waiting for overlord to start..."
until $(curl --output /dev/null --silent --fail http://localhost:5557/health); do until $(curl --output /dev/null --silent --fail http://localhost:5557/health); do
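Review bot: the `dd ... | base64 | tr -d '\n'` pipeline now appears twice in this script (for `DEX_KEY_SECRET` and for `DEX_OVERLORD_ADMIN_API_SECRET`), differing only in `count`. Consider one helper that takes the byte count, for example `gen_secret() { dd if=/dev/random bs=1 count="$1" 2>/dev/null | base64 | tr -d '\n'; }`, so the newline handling lives in one place and a later secret cannot be added without it.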