From 01d7ef39c873c191cc3ff005df35ce00b7476ce4 Mon Sep 17 00:00:00 2001
From: Nikholas Pcenicni
Date: Mon, 19 Jan 2026 03:12:02 +0000
Subject: [PATCH] Add komodo/mastodon/gen-secrets.sh
---
komodo/mastodon/gen-secrets.sh | 36 ++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 komodo/mastodon/gen-secrets.sh
diff --git a/komodo/mastodon/gen-secrets.sh b/komodo/mastodon/gen-secrets.sh
new file mode 100644
index 0000000..bb43f77
--- /dev/null
+++ b/komodo/mastodon/gen-secrets.sh
@@ -0,0 +1,36 @@
+# Run locally (on your machine or a secure host) to create the secrets you must paste into Komodo.
+# This prints secure values for DB, Rails secrets, VAPID guidance and ActiveRecord encryption keys.
+set -e
+
+echo "Generating secrets (openssl)..."
+
+DB_PASSWORD=$(openssl rand -hex 16)
+SECRET_KEY_BASE=$(openssl rand -hex 64)
+OTP_SECRET=$(openssl rand -hex 64)
+
+# ActiveRecord encryption keys:
+# - primary and deterministic keys: 32 bytes (hex) recommended
+# - salt: 16 bytes (hex) recommended
+ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)
+ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 32)
+ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 16)
+
+echo ""
+echo "Copy these values into your Komodo environment configuration for the Mastodon services:"
+echo ""
+echo "DB_PASSWORD=${DB_PASSWORD}"
+echo "SECRET_KEY_BASE=${SECRET_KEY_BASE}"
+echo "OTP_SECRET=${OTP_SECRET}"
+echo ""
+echo "ACTIVERECORD_ENCRYPTION_PRIMARY_KEY=${ACTIVERECORD_ENCRYPTION_PRIMARY_KEY}"
+echo "ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY=${ACTIVERECORD_ENCRYPTION_DETERMINISTIC_KEY}"
+echo "ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT=${ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT}"
+echo ""
+echo "Next: pull/build images on the host where you run docker-compose, then run the VAPID-generation rake task to get VAPID keys:"
+echo ""
+echo " docker-compose pull"
+echo " docker-compose run --rm web bash -lc \"RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key\""
+echo ""
+echo "After running that rake task, copy the printed VAPID_PUBLIC_KEY and VAPID_PRIVATE_KEY into Komodo as environment variables."
+echo ""
+echo "Also set SMTP_PASSWORD and any other SMTP fields in Komodo."
\ No newline at end of file
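Review bot: The `echo "DB_PASSWORD=${DB_PASSWORD}"` block through `ACTIVERECORD_ENCRYPTION_KEY_DERIVATION_SALT` writes every generated secret to stdout unconditionally, so if the script is ever run with its output captured (a CI job, an automation action, `| tee`) the values end up in a log in clear text. The header comment already says to run it locally, so I would enforce that with a guard right after `set -e`: `[ -t 1 ] || { echo "refusing to print secrets: stdout is not a terminal" >&2; exit 1; }`. The header should also state that this is for first-time setup only: each run produces fresh values, and replacing the ActiveRecord encryption keys or `OTP_SECRET` on an instance that already holds data would presumably leave existing encrypted columns and 2FA enrolments unreadable. The file also has no shebang, so a first line such as `#!/bin/sh` would pin the interpreter instead of leaving it to whoever invokes the script.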