deploy: add systemd unit + show-secret CLI command
bincio-auth.service: runs at port 4040, reads BINCIO_AUTH_JWT_SECRET from /etc/bincio/secrets.env (shared with bincio-activity). show-secret: prints the JWT secret stored by 'bincio-auth init', so the operator can add it to secrets.env without raw sqlite3.
This commit is contained in:
Davide Scaini
@@ -71,6 +71,23 @@ def init_cmd(data_dir: str, handle: str, password: str, display_name: str, max_u
|
||||
))
|
||||
|
||||
|
||||
@main.command("show-secret")
|
||||
@click.option("--data-dir", required=True, type=click.Path(), help="Data directory (contains instance.db)")
|
||||
def show_secret_cmd(data_dir: str) -> None:
|
||||
"""Print the JWT secret stored in the DB — use this to configure consumer services."""
|
||||
from bincio.auth.db import get_setting, open_db
|
||||
|
||||
dd = Path(data_dir).expanduser().resolve()
|
||||
if not (dd / "instance.db").exists():
|
||||
raise click.UsageError(f"No instance.db in {dd}.")
|
||||
db = open_db(dd)
|
||||
secret = get_setting(db, "jwt_secret") or ""
|
||||
db.close()
|
||||
if not secret:
|
||||
raise click.ClickException("No JWT secret found. Run `bincio-auth init` first.")
|
||||
click.echo(secret)
|
||||
|
||||
|
||||
@main.command("serve")
|
||||
@click.option("--data-dir", required=True, type=click.Path(), help="Data directory (contains instance.db)")
|
||||
@click.option("--host", default="127.0.0.1")
|
||||
|
||||
Reference in New Issue
Block a user