FIX Certificates not reappearing in UI after restart
Lemur KEYS need to be made persistent
steccas committed Jun 22, 2021
1 parent c6e5028 commit 8723799
Showing 3 changed files with 45 additions and 11 deletions.
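--- a/gensec.py
+++ b/gensec.py
@@ -0,0 +1,28 @@
+import os.path
+import random
+import string
+import base64
+
+def get_random_secret(length):
+secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
+secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
+secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
+return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
+
+
+# This is the secret key used by Flask session management
+SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
+
+# You should consider storing these separately from your config
+LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
+base64.b64encode(get_random_secret(32).encode('utf8'))))
+# This must match the key for whichever DB the container is using - this could be a dump of dev or test, or a unique key
+LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
+base64.b64encode(get_random_secret(32).encode('utf8')).decode('utf8')))
+
+names = ['SECRET_KEY', 'LEMUR_TOKEN_SECRET', 'LEMUR_ENCRYPTION_KEYS']
+
+for name in names:
+text_file = open("./lemur_keys/" + name, "w")
+n = text_file.write(globals()[name])
+text_file.close()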
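Review bot: `get_random_secret` builds the Flask session key, the token secret and the encryption key with `random.choice`, which is a Mersenne Twister generator and not meant for key material; `secrets.choice` is the drop-in replacement (it needs `import secrets` at the top of the file). The fixed layout of uppercase, symbol, lowercase and digit quarters also reveals the character class of every position, so drawing all `length` characters from one combined alphabet is both simpler and stronger. The write loop at the end creates the three key files with `open(..., "w")`, so their mode follows the umask and is typically readable by other local users; creating them with mode 0o600 keeps them private to the owner. The handle is also left open if `write` raises, which the `with` block below avoids.

```python
def get_random_secret(length):
    alphabet = string.ascii_letters + string.digits + "~!@#$%^&*()_+"
    return ''.join(secrets.choice(alphabet) for _ in range(length))

# … unchanged: SECRET_KEY, LEMUR_TOKEN_SECRET and LEMUR_ENCRYPTION_KEYS assignments, names list …

for name in names:
    # 0o600 applies only when the file is created; an existing file keeps its mode
    fd = os.open(os.path.join("./lemur_keys", name), os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as key_file:
        key_file.write(globals()[name])
```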
25 changes: 14 additions & 11 deletions lemur.conf.py
@@ -17,23 +17,26 @@
debug = os.environ.get("DEBUG") == "True"


def get_random_secret(length):
secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
#def get_random_secret(length):
# secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
# secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
# secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
# return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))


# This is the secret key used by Flask session management
SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))

SECRET_KEY = ""
# You should consider storing these separately from your config
LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
base64.b64encode(get_random_secret(32).encode('utf8'))))
LEMUR_TOKEN_SECRET = ""
# This must match the key for whichever DB the container is using - this could be a dump of dev or test, or a unique key
LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
base64.b64encode(get_random_secret(32).encode('utf8')).decode('utf8')))
LEMUR_ENCRYPTION_KEYS = ""

names = ['SECRET_KEY', 'LEMUR_TOKEN_SECRET', 'LEMUR_ENCRYPTION_KEYS']

for name in names:
text_file = open("/home/lemur/.lemur/lemur_keys/" + name, "r")
globals()[name] = text_file.read()
text_file.close()
REDIS_HOST = 'redis'
REDIS_PORT = 6379
REDIS_DB = 0
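Review bot: The read loop accepts whatever the key files contain, so an empty or truncated file leaves `SECRET_KEY`, `LEMUR_TOKEN_SECRET` or `LEMUR_ENCRYPTION_KEYS` as an empty string and the application would start with a blank signing or encryption key. A check after the read, e.g. `value = text_file.read().strip()` followed by `if not value: raise RuntimeError("empty key file: " + name)`, would stop start-up instead. This file also no longer consults `os.environ`, so a deployment that sets `SECRET_KEY` or `LEMUR_ENCRYPTION_KEYS` in the container environment is silently ignored here; if that is intended, a comment above the loop should say so. The commented-out `get_random_secret` can be deleted rather than kept, since the function now lives in gensec.py.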
3 changes: 3 additions & 0 deletions setup_cfssl.sh
@@ -71,6 +71,9 @@ then

git clone --depth=1 https://github.com/Netflix/lemur.git lemur-build-docker/lemur

mkdir lemur_keys
python3 gensec.py

#start everything
docker-compose up -d

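Review bot: `python3 gensec.py` rewrites all three key files every time this branch runs, so a second run of the script replaces the `LEMUR_ENCRYPTION_KEYS` value that an existing database was presumably encrypted with, which would bring back the kind of loss this commit is meant to fix. Guarding the call, e.g. `[ -f lemur_keys/LEMUR_ENCRYPTION_KEYS ] || python3 gensec.py`, keeps keys that are already there. `mkdir lemur_keys` also fails when the directory exists and creates it with the default mode; `mkdir -p -m 700 lemur_keys` handles both. The enclosing `if` starts outside the hunk, so the condition under which these lines run is not visible here.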