25 lines
701 B
Bash
Executable file
25 lines
701 B
Bash
Executable file
#!/usr/bin/env bash
|
|
# Generate RSA key pair for JWT RS256 (v0.9.1)
|
|
# Usage: ./scripts/generate-jwt-keys.sh [output_dir]
|
|
# Output: jwt-private.pem, jwt-public.pem (2048-bit RSA)
|
|
# NEVER commit these files to Git.
|
|
|
|
set -e
|
|
|
|
OUTPUT_DIR="${1:-.}"
|
|
PRIVATE="${OUTPUT_DIR}/jwt-private.pem"
|
|
PUBLIC="${OUTPUT_DIR}/jwt-public.pem"
|
|
|
|
echo "Generating RSA 2048-bit key pair for JWT RS256..."
|
|
openssl genrsa -out "$PRIVATE" 2048
|
|
openssl rsa -in "$PRIVATE" -pubout -out "$PUBLIC"
|
|
|
|
echo "Keys generated:"
|
|
echo " Private: $PRIVATE"
|
|
echo " Public: $PUBLIC"
|
|
echo ""
|
|
echo "Set in .env:"
|
|
echo " JWT_PRIVATE_KEY_PATH=$PRIVATE"
|
|
echo " JWT_PUBLIC_KEY_PATH=$PUBLIC"
|
|
echo ""
|
|
echo "WARNING: Never commit .pem files to Git!"
|