Local Env: Generate Key
Ron Cruz edited this page Jul 13, 2020 · 4 revisions
Copying the .envrc.local.template gives you some of the environment variables needed to start using the application, but it is missing a value for LOGIN_GOV_SECRET_KEY. We need to generate one; the value is a PEM encoded PKCS8 private key.
- Run
  openssl genrsa -f4 -out private.txt 4096
  which creates a private.txt file in your project
- Then, run
  openssl pkcs8 -topk8 -inform pem -in private.txt -outform PEM -nocrypt -out private8.txt
  which creates a private8.txt file in your current directory
- Copy the value inside the generated private8.txt file and assign it to the LOGIN_GOV_SECRET_KEY located in the .envrc.local. It would look something like:

LOGIN_GOV_SECRET_KEY=$(cat <<EOM
{contents from private8.txt}
EOM
)
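
A format check for the value assigned in the steps above, as an added example that is not part of the original wiki page or the project's own scripts. The function names are hypothetical; it assumes only `sed` and `grep`, plus `openssl` on the PATH for the optional parse check.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a LOGIN_GOV_SECRET_KEY value before using it.
# Function names are illustrative, not part of the project.

# Print the label of the first PEM block on stdin, e.g. "PRIVATE KEY".
pem_label() {
  sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1
}

# Classify key text by its PEM label.
key_format() {
  case "$(printf '%s\n' "$1" | pem_label)" in
    "PRIVATE KEY")           echo pkcs8 ;;            # what -topk8 -nocrypt writes
    "ENCRYPTED PRIVATE KEY") echo pkcs8-encrypted ;;  # -topk8 without -nocrypt
    "RSA PRIVATE KEY")       echo pkcs1 ;;            # traditional RSA format
    *)                       echo not-a-key ;;        # empty, indented or unrelated text
  esac
}

# Return 0 only for a structurally complete, unencrypted PKCS#8 PEM value.
check_login_gov_key() {
  case "$(key_format "$1")" in
    pkcs8) ;;
    pkcs1) echo "PKCS#1 key: convert it with openssl pkcs8 -topk8 -nocrypt" >&2; return 1 ;;
    pkcs8-encrypted) echo "encrypted PKCS#8: rerun pkcs8 with -nocrypt" >&2; return 1 ;;
    *) echo "no PEM private key header at the start of a line" >&2; return 1 ;;
  esac
  # A paste that was cut short loses the END line.
  printf '%s\n' "$1" | grep -q '^-----END PRIVATE KEY-----$' ||
    { echo "END PRIVATE KEY line missing" >&2; return 1; }
  # Everything between the markers must be base64 (catches stray quotes or spaces).
  if printf '%s\n' "$1" | sed '/^-----/d' | grep -q '[^A-Za-z0-9+/=]'; then
    echo "non-base64 characters in key body" >&2; return 1
  fi
}

# Optional deeper check: let openssl parse the key (needs openssl on PATH).
openssl_can_parse() {
  printf '%s\n' "$1" | openssl pkey -noout >/dev/null 2>&1
}

# Runs only when the variable is already exported, e.g. after `direnv allow`.
if [ -n "${LOGIN_GOV_SECRET_KEY:-}" ]; then
  check_login_gov_key "$LOGIN_GOV_SECRET_KEY" &&
    echo "LOGIN_GOV_SECRET_KEY: unencrypted PKCS#8 PEM"
fi
```

Because `-nocrypt` leaves the key unencrypted on disk, private.txt and private8.txt are worth deleting once the value is in .envrc.local.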
If you would like to create your own personal key/certs for the MOVE_MIL_DOD_TLS_KEY and MOVE_MIL_DOD_TLS_CERT env vars:
- Open file scripts/generate-devlocal-cert
- Replace contents of file with:
#!/usr/bin/env bash
# Stop on the first failed command or unset variable
set -euo pipefail

CA_KEY=temp-ca.key
CA_PEM=temp-ca.pem
CA_SRL=temp-ca.srl

# Generate the CA private key
openssl genrsa -out "${CA_KEY}" 2048

# Generate the CA root certificate
# Default subject fields
C="US"
ST="DC"
L="Washington"
CN="localhost"
# O and OU are never set in this script, so they are left out of the subject
SUBJECT="/C=$C/ST=$ST/L=$L/CN=$CN"
openssl req -new -key "${CA_KEY}" -x509 -days 3652 -out "${CA_PEM}" -subj "${SUBJECT}"

# Generate devlocal cert
DEVLOCAL_CER=temp-devlocal.cer
DEVLOCAL_KEY=temp-devlocal.key
DEVLOCAL_CSR=temp-devlocal.csr
# -nodes leaves the devlocal private key unencrypted on disk
openssl req -nodes -new -keyout "${DEVLOCAL_KEY}" -out "${DEVLOCAL_CSR}" -subj "${SUBJECT}"
# Sign the CSR with the temporary CA; -CAcreateserial writes temp-ca.srl
openssl x509 -req -in "${DEVLOCAL_CSR}" -CA "${CA_PEM}" -CAkey "${CA_KEY}" -CAcreateserial -out "${DEVLOCAL_CER}" -days 3652 -sha256

# Print the SHA256 digest of the DER-encoded devlocal certificate
echo -n "SHA256 digest: "
openssl x509 -outform der -in "${DEVLOCAL_CER}" | openssl dgst -sha256

# Cleanup
rm -f "${DEVLOCAL_CSR}"
rm -f "${CA_SRL}"
- Run scripts/generate-devlocal-certs
- The script should create 4 new files: temp-ca.key, temp-ca.pem, temp-devlocal.cer, temp-devlocal.key
- Use these files for our env vars like so:
export MOVE_MIL_DOD_CA_CERT=$(cat "${MYMOVE_DIR}"/temp-ca.pem)
export MOVE_MIL_DOD_TLS_KEY=$(cat "${MYMOVE_DIR}"/temp-devlocal.key)
export MOVE_MIL_DOD_TLS_CERT=$(cat "${MYMOVE_DIR}"/temp-devlocal.cer)
- Re-run direnv allow to make use of the environment variables in the .envrc
- Modify /etc/hosts to include the prime, office, and milmove hosts.
echo "127.0.0.1 primelocal" | sudo tee -a /etc/hosts
echo "127.0.0.1 officelocal" | sudo tee -a /etc/hosts
echo "127.0.0.1 milmovelocal" | sudo tee -a /etc/hosts