michaelschiemer/scripts/deployment/setup-production-secrets.sh

#!/bin/bash
# ==============================================================================
# Production Secrets Setup Script
# ==============================================================================
# This script creates Docker Secrets on the production server from .env values
# Run this ONCE during initial setup on the production server.
# ==============================================================================

set -e

echo "🔐 Docker Secrets Setup for Production"
echo "======================================"
echo ""

# Check if running on production server
if [ ! -f /home/deploy/framework/.env ]; then
    echo "❌ ERROR: /home/deploy/framework/.env not found"
    echo "   Please ensure .env file exists on production server"
    exit 1
fi

# Check if Docker Swarm is initialized
if ! docker info | grep -q "Swarm: active"; then
    echo "❌ ERROR: Docker Swarm is not initialized"
    echo "   Run: docker swarm init"
    exit 1
fi

echo "📋 Reading secrets from .env file..."
cd /home/deploy/framework

# Function to create secret from .env
create_secret() {
    local secret_name=$1
    local env_key=$2

    # Extract value from .env
    local value=$(grep "^${env_key}=" .env | cut -d'=' -f2- | sed 's/^"\(.*\)"$/\1/')

    if [ -z "$value" ]; then
        echo "⚠️  WARNING: ${env_key} not found in .env, skipping ${secret_name}"
        return
    fi

    # Check if secret already exists
    if docker secret ls --format "{{.Name}}" | grep -q "^${secret_name}$"; then
        echo "ℹ️  Secret '${secret_name}' already exists, skipping..."
        return
    fi

    # Create secret
    echo "$value" | docker secret create "$secret_name" - 2>/dev/null

    if [ $? -eq 0 ]; then
        echo "✅ Created secret: ${secret_name}"
    else
        echo "❌ Failed to create secret: ${secret_name}"
    fi
}

echo ""
echo "🔑 Creating Docker Secrets..."
echo ""

# Create all required secrets
create_secret "db_password" "DB_PASSWORD"
create_secret "app_key" "APP_KEY"
create_secret "vault_encryption_key" "VAULT_ENCRYPTION_KEY"
create_secret "shopify_webhook_secret" "SHOPIFY_WEBHOOK_SECRET"
create_secret "rapidmail_password" "RAPIDMAIL_PASSWORD"

echo ""
echo "📊 Verifying Secrets..."
echo ""

docker secret ls

echo ""
echo "✅ Secrets setup completed!"
echo ""
echo "Next steps:"
echo "  1. Deploy the stack: docker stack deploy -c docker-compose.prod.yml framework"
echo "  2. Monitor deployment: watch docker stack ps framework"
echo "  3. Check logs: docker service logs framework_web"
echo ""