* update dockerfile * Update Dockerfile * Update setup_secrets_windows.ps1 EoF new line * Update global.json updated version to .1xxpull/78/head
7 changed files with 163 additions and 40 deletions
@ -0,0 +1,90 @@
@@ -0,0 +1,90 @@
|
||||
param ( |
||||
[bool]$clear, |
||||
[Parameter(ValueFromRemainingArguments = $true, Position=1)] |
||||
$cmdArgs |
||||
) |
||||
|
||||
# Try to Fetch Certificate |
||||
$Certificate = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object { $_.Subject -like "*Bitwarden Key Connector*" } | Select-Object Thumbprint, Subject |
||||
|
||||
if ($($Certificate.Thumbprint)) { |
||||
Write-Host "## INFO --> Found Bitwarden Key Connector certificate : $($Certificate.Thumbprint)" |
||||
} |
||||
else { |
||||
Write-Host "## INFO --> Creating Bitwarden Key Connector certificate..." |
||||
try { |
||||
# Create Key Connector Certificate |
||||
New-SelfSignedCertificate -DnsName "Bitwarden Key Connector" -CertStoreLocation Cert:\LocalMachine\My -KeySpec Signature -KeyUsage DigitalSignature -KeyExportPolicy Exportable -Subject "CN=Bitwarden Key Connector" -NotBefore (Get-Date) -NotAfter (Get-Date).AddDays(36500) |
||||
} |
||||
catch { |
||||
Write-Host "## ERROR --> An exception occurred: $_.Exception.Message" |
||||
exit 1 |
||||
} |
||||
Write-Host "## INFO --> Certificate created successfully" |
||||
|
||||
# Fetch newly created certificate |
||||
$Certificate = Get-ChildItem -Path cert:\LocalMachine\My | Where-Object { $_.Subject -like "*Bitwarden Key Connector*" } | Select-Object Thumbprint, Subject |
||||
|
||||
# Adding a check to make sure the certificate exists to ensure no error on creation |
||||
if ($null -eq $($Certificate.Thumbprint) -or "" -eq $($Certificate.Thumbprint)) { |
||||
Write-Host "## INFO: Certificate not found" |
||||
exit 1 |
||||
} |
||||
} |
||||
|
||||
# Prompt the user for input (e.g., password) |
||||
$password = Read-Host "## INPUT --> Enter password for private key" |
||||
if ($null -ne $password -and "" -ne $password) { |
||||
$SecureStringPassword = ConvertTo-SecureString -String $password -AsPlainText -Force |
||||
Export-PfxCertificate -Cert cert:\LocalMachine\My\$($Certificate.Thumbprint) -FilePath .\bwkc.pfx -Password $SecureStringPassword | Out-Null |
||||
} |
||||
else { |
||||
Write-Host "## ERROR: Password cannot be null or empty" |
||||
exit 1 |
||||
} |
||||
|
||||
$pathToPFX = (Get-Item -Path ".\bwkc.pfx").FullName |
||||
Write-Host "## INFO --> Exported certificate to $pathToPFX" |
||||
|
||||
# read secrets.json |
||||
Write-Host "## INFO --> creating secrets.json from secrets.json.example" |
||||
$secrets = Get-Content .\secrets.json.example | ConvertFrom-Json |
||||
|
||||
# set PFX password |
||||
$secrets.keyConnectorSettings.certificate.filesystemPassword = $password |
||||
Write-Host "## INFO --> Certificate password set successfully in secrets.json" |
||||
|
||||
# set PFX path |
||||
$secrets.keyConnectorSettings.certificate.filesystemPath = $pathToPFX |
||||
Write-Host "## INFO --> Path to bwkc.pfx set successfully in secrets.json" |
||||
|
||||
# set database.json path |
||||
$pathToDatabase = $pathToPFX.Replace("bwkc.pfx", "database.json") |
||||
$secrets.keyConnectorSettings.database.jsonFilePath = $pathToDatabase |
||||
Write-Host "## INFO --> Path to database.json set successfully in secrets.json" |
||||
|
||||
# save secrets.json |
||||
$secrets | ConvertTo-Json | Set-Content secrets.json |
||||
|
||||
# set secrets |
||||
if (!(Test-Path "secrets.json")) { |
||||
Write-Warning "No secrets.json file found, please copy and modify the provided example"; |
||||
exit; |
||||
} |
||||
|
||||
if ($clear -eq $true) { |
||||
Write-Output "Deleting all existing user secrets" |
||||
} |
||||
|
||||
$projects = @{ |
||||
KeyConnector = "../src/KeyConnector" |
||||
} |
||||
|
||||
Write-Host "## INFO --> Setting secrets for each project" |
||||
foreach ($key in $projects.keys) { |
||||
if ($clear -eq $true) { |
||||
dotnet user-secrets clear -p $projects[$key] |
||||
} |
||||
$output = Get-Content secrets.json | & dotnet user-secrets set -p $projects[$key] |
||||
Write-Output "$output - $key" |
||||
} |
||||
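Review bot: The PFX password is read with a plain `Read-Host`, so it is echoed on the console and held as an ordinary string before `ConvertTo-SecureString -AsPlainText -Force` wraps it. Reading it as `$SecureStringPassword = Read-Host "## INPUT --> Enter password for private key" -AsSecureString` (with the empty check done on its Length) and passing that straight to `Export-PfxCertificate` avoids the echo. The plain text is then needed only for `filesystemPassword`, where `[System.Net.NetworkCredential]::new('', $SecureStringPassword).Password` can recover it. The generated `secrets.json` keeps that password in clear text in the same directory as `bwkc.pfx`, so it is worth deleting the file or restricting its ACL once `dotnet user-secrets set` has consumed it. Separately, the catch block prints `$_.Exception.Message` inside a double-quoted string, which expands only `$_`; it needs `$($_.Exception.Message)`.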
@ -0,0 +1,6 @@
@@ -0,0 +1,6 @@
|
||||
{ |
||||
"sdk": { |
||||
"version": "6.0.100", |
||||
"rollForward": "latestFeature" |
||||
} |
||||
} |
||||
@ -0,0 +1,22 @@
@@ -0,0 +1,22 @@
|
||||
# Get the script directory |
||||
$ScriptDir = Split-Path -Parent $MyInvocation.MyCommand.Definition |
||||
|
||||
Write-Host "" |
||||
Write-Host "## INFO --> Building Key Connector" |
||||
|
||||
$dotnetVersion = dotnet --version |
||||
Write-Host ".NET Core version $dotnetVersion" |
||||
|
||||
Write-Host "Restore" |
||||
dotnet restore "$ScriptDir/KeyConnector.csproj" |
||||
|
||||
Write-Host "Clean" |
||||
dotnet clean "$ScriptDir/KeyConnector.csproj" -c "Release" -o "$ScriptDir/obj/build-output/publish" |
||||
|
||||
Write-Host "Publish" |
||||
dotnet publish "$ScriptDir/KeyConnector.csproj" -c "Release" -o "$ScriptDir/obj/build-output/publish" |
||||
|
||||
Write-Host "" |
||||
Write-Host "## INFO --> Building docker image" |
||||
docker --version |
||||
docker build -t bitwarden/key-connector "$ScriptDir\." |
||||
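Review bot: Nothing checks the exit code of `dotnet restore`, `dotnet clean` or `dotnet publish`, so a failed publish still falls through to `docker build`. Depending on the Dockerfile, which is not shown in this section, the image may then be built from whatever an earlier run left in `obj/build-output/publish`. PowerShell does not stop on a non-zero exit from a native command by default, so adding `if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }` after each step keeps a broken build from producing an image. The final `docker build` line would benefit from the same check so that callers see the failure.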
@ -1,40 +1,6 @@
@@ -1,40 +1,6 @@
|
||||
#!/bin/bash |
||||
|
||||
# Setup |
||||
|
||||
GROUPNAME="bitwarden" |
||||
USERNAME="bitwarden" |
||||
|
||||
LUID=${LOCAL_UID:-0} |
||||
LGID=${LOCAL_GID:-0} |
||||
|
||||
# Step down from host root to well-known nobody/nogroup user |
||||
|
||||
if [ $LUID -eq 0 ] |
||||
then |
||||
LUID=65534 |
||||
fi |
||||
if [ $LGID -eq 0 ] |
||||
then |
||||
LGID=65534 |
||||
fi |
||||
|
||||
# Create user and group |
||||
|
||||
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || |
||||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 |
||||
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || |
||||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 |
||||
mkhomedir_helper $USERNAME |
||||
|
||||
# The rest... |
||||
|
||||
chown -R $USERNAME:$GROUPNAME /app |
||||
mkdir -p /etc/bitwarden/logs |
||||
mkdir -p /etc/bitwarden/ca-certificates |
||||
chown -R $USERNAME:$GROUPNAME /etc/bitwarden |
||||
|
||||
cp /etc/bitwarden/ca-certificates/*.crt /usr/local/share/ca-certificates/ >/dev/null 2>&1 \ |
||||
&& update-ca-certificates |
||||
|
||||
exec gosu $USERNAME:$GROUPNAME dotnet /app/KeyConnector.dll |
||||
dotnet /app/KeyConnector.dll |
||||
|
||||
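Review bot: The start line `dotnet /app/KeyConnector.dll` at the end of the script drops both the `exec` and the `gosu $USERNAME:$GROUPNAME` step-down of the line it appears to replace. The old/new markers are lost in this rendering, so that reading is inferred from the `-1,40 +1,6` header. Without `exec`, bash stays as PID 1 and the container runtime's stop signal is not delivered to the .NET process, so `exec dotnet /app/KeyConnector.dll` is the safer form. The process also now runs as whatever user the image sets, so the Dockerfile (not visible in this section) should carry a `USER` directive for the unprivileged account. The copy of `/etc/bitwarden/ca-certificates/*.crt` followed by `update-ca-certificates` likewise seems to be gone from container start and needs a replacement if custom CAs are still supported.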
@ -0,0 +1,31 @@
@@ -0,0 +1,31 @@
|
||||
#!/bin/bash |
||||
|
||||
# Setup |
||||
GROUPNAME="bitwarden" |
||||
USERNAME="bitwarden" |
||||
|
||||
LUID=${LOCAL_UID:-0} |
||||
LGID=${LOCAL_GID:-0} |
||||
|
||||
# Step down from host root to well-known nobody/nogroup user |
||||
if [ $LUID -eq 0 ] |
||||
then |
||||
LUID=65534 |
||||
fi |
||||
if [ $LGID -eq 0 ] |
||||
then |
||||
LGID=65534 |
||||
fi |
||||
|
||||
# Create user and group |
||||
groupadd -o -g $LGID $GROUPNAME >/dev/null 2>&1 || |
||||
groupmod -o -g $LGID $GROUPNAME >/dev/null 2>&1 |
||||
useradd -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 || |
||||
usermod -o -u $LUID -g $GROUPNAME -s /bin/false $USERNAME >/dev/null 2>&1 |
||||
mkhomedir_helper $USERNAME |
||||
|
||||
# The rest... |
||||
chown -R $USERNAME:$GROUPNAME /app |
||||
mkdir -p /etc/bitwarden/logs |
||||
mkdir -p /etc/bitwarden/ca-certificates |
||||
chown -R $USERNAME:$GROUPNAME /etc/bitwarden |
||||