#!/bin/bash
#
# Vault Setup Script for Cidadão.AI
# Initializes Vault with secrets for development/production
#

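set -euo pipefail

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Configuration (every value can be overridden from the environment)
VAULT_ADDR="${VAULT_ADDR:-http://localhost:8200}"
VAULT_TOKEN="${VAULT_TOKEN:-}"
SECRET_PATH="${SECRET_PATH:-secret/cidadao-ai}"

echo -e "${BLUE}๐Ÿ” Cidadรฃo.AI Vault Setup${NC}"
echo -e "${BLUE}=========================${NC}"
echo

# Check if Vault is available.  Only reachability is tested here: curl
# succeeds on any HTTP answer, so a sealed or standby node also passes this
# check; the token verification below is what reports that case.
echo -e "${YELLOW}๐Ÿ” Checking Vault availability...${NC}"
if ! curl -s "${VAULT_ADDR}/v1/sys/health" > /dev/null; then
    echo -e "${RED}โŒ Vault is not accessible at ${VAULT_ADDR}${NC}"
    echo -e "${YELLOW}๐Ÿ’ก Make sure Vault is running: docker-compose up vault${NC}"
    exit 1
fi

echo -e "${GREEN}โœ… Vault is accessible${NC}"

# Check authentication: prompt for a token when none was supplied.
# -s keeps the token off the terminal, -r keeps backslashes literal, and the
# extra `echo` restores the newline that -s suppresses.
if [ -z "$VAULT_TOKEN" ]; then
    echo -e "${YELLOW}๐Ÿ”‘ Please provide Vault token:${NC}"
    read -r -s VAULT_TOKEN
    echo
fi
if [ -z "$VAULT_TOKEN" ]; then
    echo -e "${RED}โŒ No Vault token provided${NC}"
    exit 1
fi
# The vault CLI reads VAULT_TOKEN from the environment, so the token never
# has to be passed as a command-line argument (where `ps` output and shell
# history would expose it).
export VAULT_TOKEN

# Verify token.  `vault token lookup` fails for a missing, expired or revoked
# token and replaces the deprecated `vault auth <token>` form, which also put
# the token on the command line.
if ! vault token lookup -address="$VAULT_ADDR" > /dev/null 2>&1; then
    echo -e "${RED}โŒ Invalid Vault token${NC}"
    exit 1
fi

echo -e "${GREEN}โœ… Authenticated with Vault${NC}"

# Enable KV v2 secrets engine if not already enabled.  The mount list is
# consulted first so that a genuine failure of `secrets enable` (for example
# a token whose policy does not allow it) is reported instead of being
# swallowed by `|| true`.  The list is captured into a variable rather than
# piped into grep -q, because under pipefail an early grep exit would turn a
# successful listing into a pipeline failure.
# NOTE(review): an existing mount at secret/ is assumed to be KV v2 — confirm
# on installations that were not created by this script.
echo -e "${YELLOW}๐Ÿ”ง Enabling KV v2 secrets engine...${NC}"
mounts=$(vault secrets list -address="$VAULT_ADDR")
if ! grep -q '^secret/' <<<"$mounts"; then
    vault secrets enable -address="$VAULT_ADDR" -path=secret kv-v2
fi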
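# Function to set secret
#######################################
# Write (or update) one key under ${SECRET_PATH}/<path>.
# Globals:   VAULT_ADDR, SECRET_PATH, YELLOW, NC (read)
# Arguments: $1 - sub-path under SECRET_PATH (e.g. "jwt")
#            $2 - key name
#            $3 - value
#            $4 - human-readable description for the progress line
# Outputs:   progress line on stdout; vault's own messages
# Returns:   exit status of the vault command
#######################################
set_secret() {
    local path="$1"
    local key="$2"
    local value="$3"
    local description="$4"
    local full_path="${SECRET_PATH}/${path}"

    echo -e "${YELLOW}๐Ÿ“ Setting ${description}...${NC}"
    # The value is fed on stdin ("key=-") instead of as a "key=value"
    # argument, so it does not show up in `ps` output or shell history.
    #
    # KV v2 `put` replaces *every* key stored at the path, so consecutive
    # calls for the same path (e.g. jwt/secret_key then jwt/algorithm) would
    # leave only the last key.  `patch` merges into the existing secret; it
    # fails when the secret does not exist yet, in which case `put` creates
    # it (and surfaces any real error the silenced patch may have hidden).
    if ! printf '%s' "$value" | vault kv patch -address="$VAULT_ADDR" "$full_path" "${key}=-" 2>/dev/null; then
        printf '%s' "$value" | vault kv put -address="$VAULT_ADDR" "$full_path" "${key}=-"
    fi
}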

# Function to generate secure password
# Prints a 32-character string drawn uniformly from ASCII letters, digits
# and the punctuation set !@#$%^&*, using Python's CSPRNG-backed `secrets`
# module.  The program is passed through a quoted here-document so the shell
# performs no expansion on it.
generate_password() {
    python3 - <<'PYEOF'
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + '!@#$%^&*'
print(''.join(secrets.choice(ALPHABET) for _ in range(32)))
PYEOF
}

# Function to generate JWT secret
# Prints a URL-safe base64 token built from 64 bytes of CSPRNG output
# (86 characters, no padding).  Quoted here-document: no shell expansion.
generate_jwt_secret() {
    python3 - <<'PYEOF'
import secrets

print(secrets.token_urlsafe(64))
PYEOF
}

echo -e "${BLUE}๐Ÿš€ Setting up secrets...${NC}"
echo

# Application secrets: one random key under <SECRET_PATH>/application.
echo -e "${YELLOW}๐Ÿ” Application Secrets${NC}"
APP_SECRET=$(generate_password)
set_secret "application" "secret_key" "$APP_SECRET" "Application secret key"

# JWT secrets: the signing key is random, the remaining entries are fixed
# defaults written in the order listed (key|value|description).
echo -e "${YELLOW}๐ŸŽซ JWT Secrets${NC}"
JWT_SECRET=$(generate_jwt_secret)
set_secret "jwt" "secret_key" "$JWT_SECRET" "JWT secret key"
jwt_defaults=(
    "algorithm|HS256|JWT algorithm"
    "access_token_expire_minutes|30|JWT access token expiry"
    "refresh_token_expire_days|7|JWT refresh token expiry"
)
for entry in "${jwt_defaults[@]}"; do
    IFS='|' read -r jwt_key jwt_value jwt_desc <<<"$entry"
    set_secret "jwt" "$jwt_key" "$jwt_value" "$jwt_desc"
done

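#######################################
# Percent-encode one URL component.  generate_password may emit @, #, % and
# &, any of which would corrupt the connection URLs assembled below if
# inserted raw.  The value is handed to Python on stdin (not argv) so it
# stays out of `ps` output.
# Arguments: $1 - the raw string
# Outputs:   the encoded string on stdout (every non-alphanumeric byte is
#            escaped, safe="")
#######################################
url_encode() {
    printf '%s' "$1" | python3 -c 'import sys, urllib.parse; print(urllib.parse.quote(sys.stdin.read(), safe=""))'
}

# Database secrets.  The "url" entry carries the URL-encoded password; the
# "password" entry keeps the raw value for clients that take it separately.
echo -e "${YELLOW}๐Ÿ—„๏ธ Database Secrets${NC}"
DB_PASSWORD=$(generate_password)
DB_PASSWORD_URL=$(url_encode "$DB_PASSWORD")
set_secret "database" "url" "postgresql://cidadao:${DB_PASSWORD_URL}@postgres:5432/cidadao_ai" "Database URL"
set_secret "database" "username" "cidadao" "Database username"
set_secret "database" "password" "$DB_PASSWORD" "Database password"
set_secret "database" "host" "postgres" "Database host"
set_secret "database" "port" "5432" "Database port"
set_secret "database" "database" "cidadao_ai" "Database name"

# Redis secrets (same split: encoded password in the URL, raw one alongside)
echo -e "${YELLOW}๐Ÿ“ฎ Redis Secrets${NC}"
REDIS_PASSWORD=$(generate_password)
REDIS_PASSWORD_URL=$(url_encode "$REDIS_PASSWORD")
set_secret "redis" "url" "redis://:${REDIS_PASSWORD_URL}@redis:6379/0" "Redis URL"
set_secret "redis" "password" "$REDIS_PASSWORD" "Redis password"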

# Infrastructure secrets
echo -e "${YELLOW}๐Ÿ—๏ธ Infrastructure Secrets${NC}"
MINIO_PASSWORD=$(generate_password)
CHROMA_TOKEN=$(generate_jwt_secret)
PGADMIN_PASSWORD=$(generate_password)

# NOTE: "minioadmin" is MinIO's well-known default root user name; only the
# secret key is randomised here.
set_secret "infrastructure" "minio_access_key" "minioadmin" "MinIO access key"
set_secret "infrastructure" "minio_secret_key" "$MINIO_PASSWORD" "MinIO secret key"
set_secret "infrastructure" "chroma_auth_token" "$CHROMA_TOKEN" "ChromaDB auth token"
set_secret "infrastructure" "pgadmin_password" "$PGADMIN_PASSWORD" "PgAdmin password"

# User credentials (for development).  Email and display name are constants;
# the passwords are freshly generated on every run.
echo -e "${YELLOW}๐Ÿ‘ฅ User Credentials${NC}"
ADMIN_PASSWORD=$(generate_password)
ANALYST_PASSWORD=$(generate_password)

set_secret "users" "admin_email" "[email protected]" "Admin user email"
set_secret "users" "admin_password" "$ADMIN_PASSWORD" "Admin user password"
set_secret "users" "admin_name" "Administrador" "Admin user name"
set_secret "users" "analyst_email" "[email protected]" "Analyst user email"
set_secret "users" "analyst_password" "$ANALYST_PASSWORD" "Analyst user password"
set_secret "users" "analyst_name" "Analista" "Analyst user name"

# API Keys (placeholders - to be updated with real keys).  Every entry gets
# the same sentinel value; the list holds "key|description" pairs in the
# order they are written.
echo -e "${YELLOW}๐Ÿ”‘ API Key Placeholders${NC}"
api_key_entries=(
    "transparency_api_key|Portal da Transparรชncia API key"
    "groq_api_key|Groq API key"
    "together_api_key|Together AI API key"
    "huggingface_api_key|Hugging Face API key"
    "openai_api_key|OpenAI API key"
)
for entry in "${api_key_entries[@]}"; do
    set_secret "api_keys" "${entry%%|*}" "REPLACE_WITH_REAL_KEY" "${entry#*|}"
done

# Print one line to stdout with colour escape sequences interpreted
# (the same output `echo -e` would produce for these strings).
say() {
    printf '%b\n' "$*"
}

say
say "${GREEN}๐ŸŽ‰ Vault setup completed successfully!${NC}"
say
say "${BLUE}๐Ÿ“‹ Summary:${NC}"
say "${GREEN}โœ… Application secrets configured${NC}"
say "${GREEN}โœ… JWT secrets configured${NC}"
say "${GREEN}โœ… Database secrets configured${NC}"
say "${GREEN}โœ… Redis secrets configured${NC}"
say "${GREEN}โœ… Infrastructure secrets configured${NC}"
say "${GREEN}โœ… User credentials configured${NC}"
say "${YELLOW}โš ๏ธ  API key placeholders created (update with real keys)${NC}"
say

# NOTE: the four lines below write the generated credentials to stdout, so
# anything that captures this script's output (CI logs, `tee`, a terminal
# scrollback) will contain them.
say "${BLUE}๐Ÿ” Generated credentials:${NC}"
say "${YELLOW}Admin User:${NC} [email protected] / $ADMIN_PASSWORD"
say "${YELLOW}Analyst User:${NC} [email protected] / $ANALYST_PASSWORD"
say "${YELLOW}Database Password:${NC} $DB_PASSWORD"
say "${YELLOW}Redis Password:${NC} $REDIS_PASSWORD"
say

# Plain text from here on: no escape interpretation, so the literal lines
# (which may embed VAULT_ADDR / SECRET_PATH) are printed as-is.
say "${BLUE}๐Ÿš€ Next steps:${NC}"
printf '%s\n' \
    "1. Update API keys in Vault with real values" \
    "2. Set VAULT_TOKEN in your environment" \
    "3. Start the application with Vault integration" \
    "4. Test the secret retrieval" \
    ""
say "${BLUE}๐Ÿ”ง Useful commands:${NC}"
printf '%s\n' \
    "# List all secrets:" \
    "vault kv list -address=$VAULT_ADDR $SECRET_PATH" \
    "" \
    "# Get a specific secret:" \
    "vault kv get -address=$VAULT_ADDR $SECRET_PATH/jwt" \
    "" \
    "# Update an API key:" \
    "vault kv patch -address=$VAULT_ADDR $SECRET_PATH/api_keys groq_api_key=your_real_key"