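#!/bin/bash
# create_docker_secrets.sh - Create all Docker secrets for swarm stacks
# Run this ONCE before deploying the fixed stack files
#
# Secret handling notes:
#   - Values are read from the terminal and piped to `docker secret create`
#     on stdin (printf is a shell builtin), so they are not passed as
#     command-line arguments and this script does not write them to a file.
#   - Do not run this script with `bash -x` / `set -x`: tracing would print
#     every secret value to the terminal or log.
set -euo pipefail

# Colors (escape sequences are expanded by printf '%b' at print time)
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly RED='\033[0;31m'
readonly NC='\033[0m'

readonly RULE="==================================="

printf '%b\n' "${YELLOW}Docker Secrets Creation Script${NC}"
echo "This will create all required secrets for your swarm stacks."
echo ""

# Check if running on swarm manager: `docker node ls` only succeeds there.
if ! docker node ls &>/dev/null; then
  printf '%b\n' "${RED}Error: This must be run on a Docker Swarm manager node${NC}" >&2
  exit 1
fi

#######################################
# Prompt for a value and store it as a Docker secret.
# An existing secret with the same name is left untouched.
# Arguments:
#   $1 - secret name
#   $2 - human-readable description shown before the prompt
#   $3 - optional default value; when non-empty the prompt shows it and the
#        input is NOT hidden, so use it only for non-sensitive values
# Outputs:
#   progress messages on stdout, errors on stderr
# Returns:
#   0 if the secret was created or already existed, 1 on empty/unreadable input
#######################################
create_secret() {
  local SECRET_NAME=$1
  local SECRET_DESCRIPTION=$2
  local DEFAULT_VALUE=${3:-}
  # Keep the value local so it does not linger in a global after the call.
  local SECRET_VALUE=""

  if docker secret inspect "$SECRET_NAME" &>/dev/null; then
    printf "%b⚠ Secret '%s' already exists, skipping%b\n" \
      "$YELLOW" "$SECRET_NAME" "$NC"
    return 0
  fi

  printf '\n%bCreating secret: %s%b\n' "$GREEN" "$SECRET_NAME" "$NC"
  printf '%s\n' "$SECRET_DESCRIPTION"

  # IFS= and -r keep the value byte-for-byte: without them, read strips
  # leading/trailing whitespace and eats backslashes, silently storing a
  # different secret than the one that was typed.
  if [[ -n "$DEFAULT_VALUE" ]]; then
    if ! IFS= read -rp "Enter value (default: $DEFAULT_VALUE): " SECRET_VALUE; then
      printf '%b\n' "${RED}Error: could not read a value from stdin${NC}" >&2
      return 1
    fi
    SECRET_VALUE=${SECRET_VALUE:-$DEFAULT_VALUE}
  else
    if ! IFS= read -rsp "Enter value (hidden): " SECRET_VALUE; then
      echo
      printf '%b\n' "${RED}Error: could not read a value from stdin${NC}" >&2
      return 1
    fi
    echo
  fi

  if [[ -z "$SECRET_VALUE" ]]; then
    printf '%b\n' "${RED}Error: Secret value cannot be empty${NC}" >&2
    return 1
  fi

  # printf '%s' writes the value verbatim with no trailing newline; echo -n
  # would swallow values that look like echo options (e.g. "-e").
  printf '%s' "$SECRET_VALUE" | docker secret create "$SECRET_NAME" -
  printf '%b✓ Created secret: %s%b\n' "$GREEN" "$SECRET_NAME" "$NC"
}

echo "$RULE"
echo "Paperless Secrets"
echo "$RULE"
create_secret "paperless_db_password" \
  "Database password for Paperless PostgreSQL" \
  ""

create_secret "paperless_secret_key" \
  "Django secret key for Paperless (50+ random characters)" \
  ""

echo ""
echo "$RULE"
echo "Grafana Secrets"
echo "$RULE"
create_secret "grafana_admin_password" \
  "Grafana admin password" \
  ""

echo ""
echo "$RULE"
echo "DuckDNS Secret"
echo "$RULE"
create_secret "duckdns_token" \
  "DuckDNS API token (from duckdns.org account)" \
  ""

echo ""
# All three lines go through printf '%b' so the closing colour reset is
# actually interpreted instead of being printed as a literal "\033[0m".
printf '%b\n' "${GREEN}${RULE}"
echo "All secrets created successfully!"
printf '%b\n' "${RULE}${NC}"
echo ""
echo "Verify secrets:"
echo " docker secret ls"
echo ""
echo "To remove a secret (if needed):"
echo " docker secret rm <secret_name>"
echo ""
echo "IMPORTANT: Secret values cannot be retrieved after creation."
echo "Store them securely in a password manager!"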