Fixed secret key for fauna dev container

Help
, ,
1

Hi,

I’m using the dev container and I need to have a fixed secret key, is that possible?
Here’s my current script to create the container and the db

#!/usr/bin/env bash

docker pull fauna/faunadb
docker container stop faunadb || true && docker container rm faunadb || true
docker run --name faunadb -d \
        --health-cmd="faunadb-admin status" --health-interval=5s \
        -p 8443:8443 \
        -p 8084:8084 \
        fauna/faunadb
./docker/wait-for-healthy.sh faunadb 30

echo n | fauna add-endpoint http://localhost:8443/ --alias localhost --key secret
fauna create-database generator_dev --endpoint=localhost
fauna create-key generator_dev --endpoint=localhost

curl -u secret: http://localhost:8084/import --data-binary "@functions/schemas/schema.graphql"

I basically would like this command to always return the same secret key
fauna create-key generator_dev --endpoint=localhost

Is that possible?
I need a fixed secret key because I need to import the schema in the next step, so the easy way is to have a known secret key

Any idea is appreciated
Thank you

2

The Fauna Dev Docker image uses the default secret of secret. No additional key generation is required.

For a specific database, it is not possible to generated a key with a fixed secret; that would be a security issue.

If you need multiple processes to operate on the same database using the same secret, export the secret received from key generation into an environment variable (or other data sharing mechanism) to do so.

For example, you could write a script that calls fauna create-key ... and captures the generated secret from the output. Then update the $HOME/.fauna-shell configuration file to create a new endpoint definition that is based on the database name and includes the secret.

1 Like
3

Thank you for your reply
It’s for local testing only, that’s why I wasn’t concerned about security

Anyway, I managed to extract the key using this script, maybe someone else will find it useful

Cheers

#!/usr/bin/env bash

docker pull fauna/faunadb
docker container stop faunadb || true && docker container rm faunadb || true
docker run --name faunadb -d \
  --health-cmd="faunadb-admin status" --health-interval=5s \
  -p 8443:8443 \
  -p 8084:8084 \
  fauna/faunadb
./docker/wait-for-healthy.sh faunadb 30

echo n | fauna add-endpoint http://localhost:8443/ --alias localhost --key secret
fauna create-database generator_dev4 --endpoint=localhost
OUTPUT=$(fauna create-key generator_dev4 --endpoint=localhost)

echo "${OUTPUT}"

[[ "${OUTPUT}" =~ secret\:[[:space:]]([A-Za-z0-9_\-]+) ]]

SECRET="${BASH_REMATCH[1]}"
echo "Secret is ${SECRET}"

curl -u ${SECRET}: http://localhost:8084/import --data-binary "@functions/schemas/schema.graphql"

echo "FAUNADB_SECRET=${SECRET}
GRAPHQL_ENDPOINT=http://localhost:8084/graphql" > ".env";
4

Continuing the discussion from Fixed secret key for fauna dev container:

I think the main point here is that you execute a fauna-shell command in the faunadb container which integrates the fauna-shell - where you can just use the fauna-shell as you like. That implies setting a key, defining endpoints etc. respectively what the shell is capable of doing.

5

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.