Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Generate a salted hash of password for as Ignition GATEWAY_ADMIN_PASSWORD
#!/usr/bin/env bash
set -eo pipefail
###############################################################################
# Processes password input and translates to salted hash
###############################################################################
function main() {
local -u auth_salt
local auth_pwhash auth_pwsalthash auth_password
if [[ -t 0 && -z ${password_input+x} ]]; then
read -rsp "Password: " password_input
echo
elif [[ -z ${password_input+x} ]]; then
password_input=$(</dev/stdin)
fi
if [[ "${password_input}" =~ ^\[[0-9A-F]{8,}][0-9a-f]{64}$ ]]; then
debug "Password is already hashed"
auth_password="${password_input}"
else
auth_salt=$(date +%s | sha256sum | head -c 8)
debug "auth_salt is ${auth_salt}"
auth_pwhash=$(printf %s "${password_input}" | sha256sum - | cut -c -64)
debug "auth_pwhash is ${auth_pwhash}"
auth_pwsalthash=$(printf %s "${password_input}${auth_salt}" | sha256sum - | cut -c -64)
debug "auth_pwsalthash is ${auth_pwsalthash}"
auth_password="[${auth_salt}]${auth_pwsalthash}"
fi
echo "${auth_password}"
}
###############################################################################
# Outputs to stderr
###############################################################################
function debug() {
# shellcheck disable=SC2236
if [ ! -z ${verbose+x} ]; then
>&2 echo "DEBUG: $*"
fi
}
###############################################################################
# Print usage information
###############################################################################
function usage() {
>&2 echo "Usage: $0 [-p <string>] [-e <env_var>] [-v] [-h]"
>&2 echo " -p <string> Password to hash"
>&2 echo " -e <env_var> Environment variable containing password to hash"
>&2 echo " -v Verbose output (prints salt, password hash and salted hash)"
>&2 echo " -h Print this help message"
}
# Argument Processing
while getopts ":hve:p:" opt; do
case "$opt" in
v)
verbose=1
;;
p)
password_input=${OPTARG}
;;
e)
password_input=${!OPTARG}
;;
h)
usage
exit 0
;;
\?)
usage
echo "Invalid option: -${OPTARG}" >&2
exit 1
;;
:)
usage
echo "Invalid option: -${OPTARG} requires an argument" >&2
exit 1
;;
esac
done
# shift positional args based on number consumed by getopts
shift $((OPTIND-1))
# pre-processing done, proceed with main call
main
@thirdgen88
Copy link
Author

thirdgen88 commented Jun 29, 2022

@thirdgen88
Copy link
Author

Minor fix with revision #3 to ensure that salt is always upper-case, otherwise it doesn't match the required pattern for a salted hash within GATEWAY_ADMIN_PASSWORD env var.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment