Generate a salted hash of a password for use as the Ignition GATEWAY_ADMIN_PASSWORD
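#!/usr/bin/env bash
# Strict mode:
#   -e           exit on an unhandled non-zero status
#   -u           treat an unset variable as an error, so a misspelled variable
#                name given to -e aborts instead of hashing an empty password
#   -o pipefail  a failing stage of the hashing pipelines fails the pipeline
set -euo pipefail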
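###############################################################################
# Reads a password and prints it in the "[SALT]HASH" salted-hash form.
#
# Globals:
#   password_input  read; assigned here when the caller has not set it
# Inputs:
#   When password_input is unset: a hidden prompt if stdin is a terminal,
#   otherwise the whole of stdin.
# Outputs:
#   stdout  "[<8 upper-case hex digits>]<64 lower-case hex digits>", or the
#           input unchanged when it already has that shape
#   stderr  prompt, and the salt and digests (through debug) in verbose mode
# Returns:
#   0 on success, 1 when the password is empty
###############################################################################
function main() {
  # -u upper-cases on assignment; the salt has to be upper-case to match the
  # salted-hash pattern tested below.
  local -u auth_salt
  local auth_pwhash auth_pwsalthash auth_password
  local -r hashed_re='^\[[0-9A-F]{8,}][0-9a-f]{64}$'

  if [[ -z ${password_input+x} ]]; then
    if [[ -t 0 ]]; then
      read -rsp "Password: " password_input
      # The newline that ends the hidden prompt goes to stderr, like the prompt
      # itself, so that stdout carries only the resulting hash when captured.
      echo >&2
    else
      password_input=$(</dev/stdin)
    fi
  fi

  # An empty value would still yield a well-formed hash, i.e. an empty admin
  # password; refuse it instead.
  if [[ -z "${password_input}" ]]; then
    echo "Error: password is empty" >&2
    return 1
  fi

  if [[ "${password_input}" =~ ${hashed_re} ]]; then
    debug "Password is already hashed"
    auth_password="${password_input}"
  else
    # Salt comes from the kernel CSPRNG (4 bytes -> 8 hex digits) rather than
    # from the clock, which is guessable to within a small window.
    auth_salt=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')
    debug "auth_salt is ${auth_salt}"
    # Unsalted digest, computed for verbose output only. It is a plain SHA-256
    # of the password, so verbose output should not end up in shared logs.
    auth_pwhash=$(printf %s "${password_input}" | sha256sum - | cut -c -64)
    debug "auth_pwhash is ${auth_pwhash}"
    # NOTE(review): a single SHA-256 round is a fast hash; the format is
    # presumably dictated by the consumer of GATEWAY_ADMIN_PASSWORD, so treat
    # the printed value as sensitive rather than as safe to publish.
    auth_pwsalthash=$(printf %s "${password_input}${auth_salt}" | sha256sum - | cut -c -64)
    debug "auth_pwsalthash is ${auth_pwsalthash}"
    auth_password="[${auth_salt}]${auth_pwsalthash}"
  fi

  printf '%s\n' "${auth_password}"
}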
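###############################################################################
# Writes a "DEBUG: ..." line to stderr when verbose mode is on.
#
# Globals:
#   verbose  read; any set value, even an empty one, enables output
# Arguments:
#   $@  words of the message, joined with spaces
# Outputs:
#   stderr only, so diagnostics never mix with the hash on stdout
###############################################################################
function debug() {
  # ${verbose+x} expands to "x" only when verbose is set, which also keeps the
  # test safe under `set -u`.
  if [[ -n ${verbose+x} ]]; then
    printf '%s\n' "DEBUG: $*" >&2
  fi
}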
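###############################################################################
# Prints usage information to stderr.
#
# Outputs:
#   stderr  option summary; nothing is written to stdout
###############################################################################
function usage() {
  # Unquoted delimiter on purpose: $0 is expanded to the invoked script name.
  cat >&2 <<EOF
Usage: $0 [-p <string>] [-e <env_var>] [-v] [-h]
  -p <string>   Password to hash (exposed in process listings and shell
                history; prefer the prompt, stdin or -e)
  -e <env_var>  Environment variable containing password to hash
  -v            Verbose output (prints salt, password hash and salted hash)
  -h            Print this help message
EOF
}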
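# Argument processing.
# The leading ':' in the optstring selects silent error reporting, so unknown
# options and missing arguments arrive as '?' and ':' and are reported below.
while getopts ":hve:p:" opt; do
  case "$opt" in
    v)
      verbose=1
      ;;
    p)
      password_input=${OPTARG}
      ;;
    e)
      # Only a plain variable name is accepted, so the indirect expansion below
      # is never handed an array subscript or any other expression.
      if [[ ! "${OPTARG}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
        usage
        echo "Invalid option: -e requires a variable name" >&2
        exit 1
      fi
      # A misspelled or unset variable would otherwise hash an empty password.
      if [[ -z "${!OPTARG+x}" ]]; then
        echo "Invalid option: environment variable ${OPTARG} is not set" >&2
        exit 1
      fi
      password_input=${!OPTARG}
      ;;
    h)
      usage
      exit 0
      ;;
    \?)
      usage
      echo "Invalid option: -${OPTARG}" >&2
      exit 1
      ;;
    :)
      usage
      echo "Invalid option: -${OPTARG} requires an argument" >&2
      exit 1
      ;;
  esac
done

# Shift positional args based on the number consumed by getopts.
shift $((OPTIND - 1))

# Pre-processing done, proceed with the main call.
main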
Minor fix with revision #3 to ensure that salt is always upper-case, otherwise it doesn't match the required pattern for a salted hash within GATEWAY_ADMIN_PASSWORD
env var.
Usage Demo: https://asciinema.org/a/eSQ47eS2I3qmajGLQPyFPZlxH