Local Env: Generate Key

Ron Cruz edited this page Jul 13, 2020 · 4 revisions

Copying the .envrc.local.template gives you some of the environment variables needed to start using the application, but it is missing the value for LOGIN_GOV_SECRET_KEY. We need to generate a value for it: a PEM-encoded PKCS#8 private key.

  • Run openssl genrsa -f4 -out private.txt 4096, which creates a private.txt file in your project directory
  • Then run openssl pkcs8 -topk8 -inform pem -in private.txt -outform PEM -nocrypt -out private8.txt, which creates a private8.txt file in your current directory
  • Copy the contents of the generated private8.txt file and assign them to LOGIN_GOV_SECRET_KEY in .envrc.local. It should look something like:
LOGIN_GOV_SECRET_KEY=$(cat <<EOM
{contents from private8.txt}
EOM
)

Optional: Creating Your Own Key/Certs

If you would like to create your own personal key/certs for the MOVE_MIL_DOD_CA_CERT, MOVE_MIL_DOD_TLS_KEY and MOVE_MIL_DOD_TLS_CERT env vars:

  • Open file scripts/generate-devlocal-cert
  • Replace contents of file with:
#! /usr/bin/env bash

# Stop on the first failing openssl call rather than producing half a key set
set -eu -o pipefail

CA_KEY=temp-ca.key
CA_PEM=temp-ca.pem
CA_SRL=temp-ca.srl

# Generate the CA private key
openssl genrsa -out "${CA_KEY}" 2048

# Generate the CA root certificate
# Default subject fields (O and OU are deliberately empty; openssl skips empty
# subject attributes, so they are defined here only so that `set -u` is happy)
C="US"
ST="DC"
L="Washington"
O=""
OU=""
CN="localhost"
openssl req -new -key "${CA_KEY}" -x509 -days 3652 -out "${CA_PEM}" -subj "/C=$C/ST=$ST/L=$L/O=$O/OU=$OU/CN=$CN"

# Generate devlocal cert: a fresh key and CSR, signed by the CA created above
DEVLOCAL_CER=temp-devlocal.cer
DEVLOCAL_KEY=temp-devlocal.key
DEVLOCAL_CSR=temp-devlocal.csr

# -nodes writes the private key unencrypted so the app can load it without a passphrase
openssl req -nodes -new -keyout "${DEVLOCAL_KEY}" -out "${DEVLOCAL_CSR}" -subj "/C=$C/ST=$ST/L=$L/O=$O/OU=$OU/CN=$CN"
# Sign the CSR with the CA; -CAcreateserial writes ${CA_SRL} next to the CA cert
openssl x509 -req -in "${DEVLOCAL_CSR}" -CA "${CA_PEM}" -CAkey "${CA_KEY}" -CAcreateserial -out "${DEVLOCAL_CER}" -days 3652 -sha256
echo -n "SHA256 digest: "
openssl x509 -outform der -in "${DEVLOCAL_CER}" | openssl dgst -sha256

# Cleanup: the CSR and serial file are not needed once the cert has been issued
rm -f "${DEVLOCAL_CSR}"
rm -f "${CA_SRL}"
  • Run scripts/generate-devlocal-cert
  • The script should create 4 new files: temp-ca.key, temp-ca.pem, temp-devlocal.cer, temp-devlocal.key
  • Use these files for the env vars like so:
export MOVE_MIL_DOD_CA_CERT=$(cat "${MYMOVE_DIR}"/temp-ca.pem)
export MOVE_MIL_DOD_TLS_KEY=$(cat "${MYMOVE_DIR}"/temp-devlocal.key)
export MOVE_MIL_DOD_TLS_CERT=$(cat "${MYMOVE_DIR}"/temp-devlocal.cer)
  • Re-run direnv allow to make use of the environment variables in the .envrc

  • Modify /etc/hosts to include the prime, office, and milmove hosts.

  echo "127.0.0.1 primelocal" | sudo tee -a /etc/hosts
  echo "127.0.0.1 officelocal" | sudo tee -a /etc/hosts
  echo "127.0.0.1 milmovelocal" | sudo tee -a /etc/hosts