# ============================================================================ # EasyStream - Secret Key Generator # ============================================================================ # This script generates secure random keys for production deployment # ============================================================================ param( [switch]$Force = $false ) $SecretsDir = "$PSScriptRoot\secrets" Write-Host "============================================================================" -ForegroundColor Cyan Write-Host " EasyStream Secret Key Generator" -ForegroundColor Cyan Write-Host "============================================================================" -ForegroundColor Cyan Write-Host "" # Create secrets directory if (-not (Test-Path $SecretsDir)) { Write-Host "[INFO] Creating secrets directory..." -ForegroundColor Yellow New-Item -ItemType Directory -Path $SecretsDir -Force | Out-Null } function New-SecureKey { param( [int]$ByteLength = 32 ) $bytes = New-Object byte[] $ByteLength $rng = [System.Security.Cryptography.RNGCryptoServiceProvider]::new() $rng.GetBytes($bytes) $rng.Dispose() return [Convert]::ToBase64String($bytes) } function New-SecretFile { param( [string]$FileName, [int]$ByteLength = 32 ) $filePath = Join-Path $SecretsDir $FileName if ((Test-Path $filePath) -and -not $Force) { Write-Host "[SKIP] $FileName already exists (use -Force to overwrite)" -ForegroundColor Yellow return $false } $key = New-SecureKey -ByteLength $ByteLength Set-Content -Path $filePath -Value $key -NoNewline Write-Host "[OK] Generated $FileName" -ForegroundColor Green return $true } # Generate all secrets Write-Host "Generating secure keys..." -ForegroundColor Cyan Write-Host "" $generated = 0 if (New-SecretFile "api_key.txt" 32) { $generated++ } if (New-SecretFile "jwt_secret.txt" 32) { $generated++ } if (New-SecretFile "encryption_key.txt" 32) { $generated++ } if (New-SecretFile "cron_secret.txt" 32) { $generated++ } if (New-SecretFile "db_password.txt" 24) { $generated++ } if (New-SecretFile "db_root_password.txt" 24) { $generated++ } Write-Host "" Write-Host "============================================================================" -ForegroundColor Cyan Write-Host "Generated $generated secret(s)" -ForegroundColor Green Write-Host "" Write-Host "IMPORTANT NEXT STEPS:" -ForegroundColor Yellow Write-Host "1. Update your .env file with these secrets" -ForegroundColor White Write-Host "2. Set file permissions: chmod 600 secrets/*" -ForegroundColor White Write-Host "3. Never commit the secrets/ directory to version control" -ForegroundColor White Write-Host "4. Back up these secrets securely" -ForegroundColor White Write-Host "" Write-Host "Secret files location: $SecretsDir" -ForegroundColor Cyan Write-Host "============================================================================" -ForegroundColor Cyan Write-Host "" # Display secret values (masked) Write-Host "Generated Secrets (first 10 chars shown):" -ForegroundColor Cyan Get-ChildItem $SecretsDir -Filter "*.txt" | ForEach-Object { $content = Get-Content $_.FullName -Raw $preview = $content.Substring(0, [Math]::Min(10, $content.Length)) + "..." Write-Host " $($_.Name): $preview" -ForegroundColor Gray } Write-Host ""