@@ -15,13 +15,19 @@ minio_secret_key="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 42)"
1515minio_cargohold_access_key=" $( tr -dc A-Za-z0-9 < /dev/urandom | head -c 20) "
1616minio_cargohold_secret_key=" $( tr -dc A-Za-z0-9 < /dev/urandom | head -c 30) "
1717
18- zauth=" $( sudo docker run $ZAUTH_CONTAINER -m gen-keypair) "
18+ zauth=" $( sudo docker run $ZAUTH_CONTAINER -m gen-keypair -i 1 ) "
1919
2020zauth_public=$( echo " $zauth " | awk ' NR==1{ print $2}' )
2121zauth_private=$( echo " $zauth " | awk ' NR==2{ print $2}' )
2222
2323prometheus_pass=" $( tr -dc A-Za-z0-9 < /dev/urandom | head -c 16) "
2424
25+ # Generate MLS private keys using openssl
26+ mls_ed25519_key=" $( openssl genpkey -algorithm ed25519 2> /dev/null | awk ' {printf " %s\n", $0}' ) "
27+ mls_ecdsa_p256_key=" $( openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 2> /dev/null | awk ' {printf " %s\n", $0}' ) "
28+ mls_ecdsa_p384_key=" $( openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-384 2> /dev/null | awk ' {printf " %s\n", $0}' ) "
29+ mls_ecdsa_p521_key=" $( openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-521 2> /dev/null | awk ' {printf " %s\n", $0}' ) "
30+
2531if [[ ! -f $VALUES_DIR /wire-server/secrets.yaml ]]; then
2632 echo " Writing $VALUES_DIR /wire-server/secrets.yaml"
2733 cat << EOF > $VALUES_DIR /wire-server/secrets.yaml
@@ -61,9 +67,22 @@ cannon:
6167 password: verysecurepassword
6268galley:
6369 secrets:
70+ rabbitmq:
71+ username: wire-server
72+ password: verysecurepassword
6473 pgPassword: verysecurepassword
6574 awsKeyId: dummykey
6675 awsSecretKey: dummysecret
76+ mlsPrivateKeys:
77+ removal:
78+ ed25519: |
79+ $mls_ed25519_key
80+ ecdsa_secp256r1_sha256: |
81+ $mls_ecdsa_p256_key
82+ ecdsa_secp384r1_sha384: |
83+ $mls_ecdsa_p384_key
84+ ecdsa_secp521r1_sha512: |
85+ $mls_ecdsa_p521_key
6786gundeck:
6887 secrets:
6988 awsKeyId: dummykey
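Review bot: The four `openssl genpkey` calls added in the first hunk send stderr to `/dev/null` and never check the result, so a failed generation (for example an OpenSSL build without Ed25519 support) would leave the variable empty and the heredoc would still write `secrets.yaml` with blank `mlsPrivateKeys.removal` entries. Because of the `[[ ! -f ... ]]` guard, a later run would not regenerate the file, and unless the script sets `pipefail` (not visible here) the `| awk` stage masks openssl's exit status. I would drop the `2> /dev/null` and add a guard before the heredoc, e.g. `for k in "$mls_ed25519_key" "$mls_ecdsa_p256_key" "$mls_ecdsa_p384_key" "$mls_ecdsa_p521_key"; do [[ "$k" == *"PRIVATE KEY"* ]] || { echo "MLS key generation failed" >&2; exit 1; }; done`. In the second hunk, the new `rabbitmq.password: verysecurepassword` is a fixed, publicly known default, while this script already generates random values such as `prometheus_pass`; if the RabbitMQ deployment can take its credential from this file, it should be generated the same way. Since the file now carries private keys, a `umask 077` before the `cat << EOF` would also keep it from being created group- or world-readable.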