Updated encryption setup in build and deploy script (#112)

* Incorporated review comments on encryption setup in build and deploy script.
Trisha Anand 2020-07-16 15:51:52 +05:30 committed by GitHub
parent 140bfed24f
commit d111df5e9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -129,48 +129,60 @@ if [[ $mongo_option -eq 2 ]];then
read -p 'Enter the mongo root user: ' mongo_root_user read -p 'Enter the mongo root user: ' mongo_root_user
read -sp 'Enter the mongo password: ' mongo_root_password read -sp 'Enter the mongo password: ' mongo_root_password
read -p 'Enter your mongo database name: ' mongo_database read -p 'Enter your mongo database name: ' mongo_database
# It is possible that this isn't the first installation.
echo ""
read -p 'Do you have any existing data in the database?[Y/n]: ' existing_encrypted_data
existing_encrypted_data=${existing_encrypted_data:-Y}
# In this case be more cautious of auto generating the encryption keys. Err on the side of not generating the encryption keys
if [ $existing_encrypted_data == "N" -o $existing_encrypted_data == "n" -o $existing_encrypted_data == "no" -o $existing_encrypted_data == "No" ];then
auto_generate_encryption="true"
else
auto_generate_encryption="false"
fi
elif [[ $mongo_option -eq 1 ]];then elif [[ $mongo_option -eq 1 ]];then
mongo_host="mongo" mongo_host="mongo"
mongo_database="appsmith" mongo_database="appsmith"
read -p 'Set the mongo root user: ' mongo_root_user read -p 'Set the mongo root user: ' mongo_root_user
read -sp 'Set the mongo password: ' mongo_root_password read -sp 'Set the mongo password: ' mongo_root_password
# Since the mongo was automatically setup, this must be the first time installation. Generate encryption credentials for this scenario
auto_generate_encryption="true"
fi fi
echo "" echo ""
echo ""
echo "Appsmith needs password and salt to encrypt sensitive information"
encryptionEnv=./template/encryption.env encryptionEnv=./template/encryption.env
if test -f "$encryptionEnv"; then if test -f "$encryptionEnv"; then
echo "CAUTION : This isn't your first time installing appsmith. Encryption password and salt already exist. Do you want to override this? NOTE: Overwriting the existing salt and password would lead to you losing access to sensitive information encrypted using the same" echo "CAUTION : This isn't your first time installing appsmith. Encryption password and salt already exist. Do you want to override this? NOTE: Overwriting the existing salt and password would lead to you losing access to sensitive information encrypted using the same"
echo "1) No. Conserve the older encryption password and salt and continue" echo "1) No. Conserve the older encryption password and salt and continue"
echo "2) Yes. Overwrite the existing encryption (NOT SUGGESTED)" echo "2) Yes. Overwrite the existing encryption (NOT SUGGESTED) with autogenerated encryption password and salt"
echo "3) Yes. Overwrite the existing encryption (NOT SUGGESTED) with manually entering the encryption password and salt"
read -p 'Enter option number [1]: ' overwrite_encryption read -p 'Enter option number [1]: ' overwrite_encryption
overwrite_encryption=${overwrite_encryption:-1} overwrite_encryption=${overwrite_encryption:-1}
echo "" auto_generate_encryption="false"
if [[ $overwrite_encryption -eq 1 ]];then if [[ $overwrite_encryption -eq 1 ]];then
setup_encryption="false" setup_encryption="false"
elif [[ $overwrite_encryption -eq 2 ]];then elif [[ $overwrite_encryption -eq 2 ]];then
setup_encryption="true" setup_encryption="true"
auto_generate_encryption="true"
elif [[ $overwrite_encryption -eq 3 ]];then
setup_encryption="true"
auto_generate_encryption="false"
fi fi
else else
setup_encryption="true" setup_encryption="true"
fi fi
if [[ "$setup_encryption" = "true" ]];then if [[ "$setup_encryption" = "true" ]];then
echo "1) Automatically generate password and salt (recommended)" if [[ "$auto_generate_encryption" = "false" ]];then
echo "2) Set up your own salt and password" echo "Please enter the salt and password found in the encyption.env file of your previous appsmith installation "
read -p 'Enter option number [1]: ' encryption_option
encryption_option=${encryption_option:-1}
if [[ $encryption_option -eq 2 ]];then
echo ""
read -p 'Enter your encryption password: ' user_encryption_password read -p 'Enter your encryption password: ' user_encryption_password
read -p 'Enter your encryption salt: ' user_encryption_salt read -p 'Enter your encryption salt: ' user_encryption_salt
elif [[ $encryption_option -eq 1 ]];then elif [[ "$auto_generate_encryption" = "true" ]];then
# Picked up the following method of generation from : https://gist.github.com/earthgecko/3089509 # Picked up the following method of generation from : https://gist.github.com/earthgecko/3089509
user_encryption_password=$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 13 | head -n 1) user_encryption_password=$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 13 | head -n 1)
user_encryption_salt=$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 13 | head -n 1) user_encryption_salt=$(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 13 | head -n 1)
fi fi
fi fi
echo "" echo ""
read -p 'Would you like to host appsmith on a custom domain / subdomain? [Y/n]: ' setup_domain read -p 'Would you like to host appsmith on a custom domain / subdomain? [Y/n]: ' setup_domain
setup_domain=${setup_domain:-Y} setup_domain=${setup_domain:-Y}
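Review bot: The manual-entry branch (`auto_generate_encryption` = "false") still reads the encryption password and salt with plain `read -p`, so the password is echoed to the terminal and any backslash in either value is consumed by `read`. This commit makes that branch the default for anyone who keeps the default Y on the existing-data question when no `encryption.env` is present, and a mangled or empty value there presumably ends up in `encryption.env` and no longer matches the previous installation's credentials. I would use `read -rsp 'Enter your encryption password: ' user_encryption_password` (the mongo password prompt already uses `-sp`), add `-r` to the salt prompt, and refuse empty input before continuing. The added test `[ $existing_encrypted_data == "N" -o ... ]` expands the answer unquoted, so a reply containing a space makes `[` fail with an error; it lands in the safe `else`, but `case "$existing_encrypted_data" in N|n|no|No) auto_generate_encryption="true" ;; *) auto_generate_encryption="false" ;; esac` does the same without the error. The new prompt also misspells the file as `encyption.env`, and the enclosing `if` on `$mongo_option` starts outside this hunk, so whether `auto_generate_encryption` is set for every mongo option cannot be confirmed from here.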