veza/scripts/generate-jwt-keys.sh

#!/usr/bin/env bash
# Generate RSA key pair for JWT RS256 (v0.9.1)
# Usage: ./scripts/generate-jwt-keys.sh [output_dir]
# Output: jwt-private.pem, jwt-public.pem (2048-bit RSA)
# NEVER commit these files to Git.

set -e

OUTPUT_DIR="${1:-.}"
PRIVATE="${OUTPUT_DIR}/jwt-private.pem"
PUBLIC="${OUTPUT_DIR}/jwt-public.pem"

echo "Generating RSA 2048-bit key pair for JWT RS256..."
openssl genrsa -out "$PRIVATE" 2048
openssl rsa -in "$PRIVATE" -pubout -out "$PUBLIC"

echo "Keys generated:"
echo "  Private: $PRIVATE"
echo "  Public:  $PUBLIC"
echo ""
echo "Set in .env:"
echo "  JWT_PRIVATE_KEY_PATH=$PRIVATE"
echo "  JWT_PUBLIC_KEY_PATH=$PUBLIC"
echo ""
echo "WARNING: Never commit .pem files to Git!"
v0.9.1 2026-03-05 18:22:31 +00:00			`#!/usr/bin/env bash`
			`# Generate RSA key pair for JWT RS256 (v0.9.1)`
			`# Usage: ./scripts/generate-jwt-keys.sh [output_dir]`
			`# Output: jwt-private.pem, jwt-public.pem (2048-bit RSA)`
			`# NEVER commit these files to Git.`

			`set -e`

			`OUTPUT_DIR="${1:-.}"`
			`PRIVATE="${OUTPUT_DIR}/jwt-private.pem"`
			`PUBLIC="${OUTPUT_DIR}/jwt-public.pem"`

			`echo "Generating RSA 2048-bit key pair for JWT RS256..."`
			`openssl genrsa -out "$PRIVATE" 2048`
			`openssl rsa -in "$PRIVATE" -pubout -out "$PUBLIC"`

			`echo "Keys generated:"`
			`echo " Private: $PRIVATE"`
			`echo " Public: $PUBLIC"`
			`echo ""`
			`echo "Set in .env:"`
			`echo " JWT_PRIVATE_KEY_PATH=$PRIVATE"`
			`echo " JWT_PUBLIC_KEY_PATH=$PUBLIC"`
			`echo ""`
			`echo "WARNING: Never commit .pem files to Git!"`