customer-installer/save_credentials.sh

#!/usr/bin/env bash
set -Eeuo pipefail

# Save Credentials Script
# Extracts and saves credentials from installation JSON to a file

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

usage() {
  cat >&2 <<'EOF'
Usage:
  bash save_credentials.sh --json <json-string> [options]
  bash save_credentials.sh --json-file <path> [options]

Required (one of):
  --json <string>             JSON string from installation output
  --json-file <path>          Path to file containing JSON

Options:
  --output <path>             Output file path (default: credentials/<hostname>.json)
  --format                    Pretty-print JSON output

Examples:
  # Save from JSON string
  bash save_credentials.sh --json '{"ctid":123,...}'

  # Save from file
  bash save_credentials.sh --json-file /tmp/install_output.json

  # Custom output location
  bash save_credentials.sh --json-file output.json --output my-credentials.json
EOF
}

# Parse arguments
JSON_STRING=""
JSON_FILE=""
OUTPUT_FILE=""
FORMAT=0

while [[ $# -gt 0 ]]; do
  case "$1" in
    --json) JSON_STRING="${2:-}"; shift 2 ;;
    --json-file) JSON_FILE="${2:-}"; shift 2 ;;
    --output) OUTPUT_FILE="${2:-}"; shift 2 ;;
    --format) FORMAT=1; shift 1 ;;
    --help|-h) usage; exit 0 ;;
    *) echo "Unknown option: $1 (use --help)" >&2; exit 1 ;;
  esac
done

# Get JSON content
if [[ -n "$JSON_FILE" ]]; then
  [[ -f "$JSON_FILE" ]] || { echo "File not found: $JSON_FILE" >&2; exit 1; }
  JSON_STRING=$(cat "$JSON_FILE")
elif [[ -z "$JSON_STRING" ]]; then
  echo "Error: Either --json or --json-file is required" >&2
  usage
  exit 1
fi

# Validate JSON
if ! echo "$JSON_STRING" | python3 -m json.tool >/dev/null 2>&1; then
  echo "Error: Invalid JSON" >&2
  exit 1
fi

# Extract hostname
HOSTNAME=$(echo "$JSON_STRING" | grep -oP '"hostname"\s*:\s*"\K[^"]+' || echo "")
[[ -n "$HOSTNAME" ]] || { echo "Error: Could not extract hostname from JSON" >&2; exit 1; }

# Set output file if not specified
if [[ -z "$OUTPUT_FILE" ]]; then
  OUTPUT_FILE="${SCRIPT_DIR}/credentials/${HOSTNAME}.json"
fi

# Create credentials directory if needed
mkdir -p "$(dirname "$OUTPUT_FILE")"

# Create credentials JSON with updateable fields
cat > "$OUTPUT_FILE" <<EOF
{
  "container": {
    "ctid": $(echo "$JSON_STRING" | grep -oP '"ctid"\s*:\s*\K[0-9]+'),
    "hostname": "$(echo "$JSON_STRING" | grep -oP '"hostname"\s*:\s*"\K[^"]+')",
    "fqdn": "$(echo "$JSON_STRING" | grep -oP '"fqdn"\s*:\s*"\K[^"]+')",
    "ip": "$(echo "$JSON_STRING" | grep -oP '"ip"\s*:\s*"\K[^"]+')",
    "vlan": $(echo "$JSON_STRING" | grep -oP '"vlan"\s*:\s*\K[0-9]+')
  },
  "urls": {
    "n8n_internal": "$(echo "$JSON_STRING" | grep -oP '"n8n_internal"\s*:\s*"\K[^"]+')",
    "n8n_external": "$(echo "$JSON_STRING" | grep -oP '"n8n_external"\s*:\s*"\K[^"]+')",
    "postgrest": "$(echo "$JSON_STRING" | grep -oP '"postgrest"\s*:\s*"\K[^"]+')",
    "chat_webhook": "$(echo "$JSON_STRING" | grep -oP '"chat_webhook"\s*:\s*"\K[^"]+')",
    "chat_internal": "$(echo "$JSON_STRING" | grep -oP '"chat_internal"\s*:\s*"\K[^"]+')",
    "upload_form": "$(echo "$JSON_STRING" | grep -oP '"upload_form"\s*:\s*"\K[^"]+')",
    "upload_form_internal": "$(echo "$JSON_STRING" | grep -oP '"upload_form_internal"\s*:\s*"\K[^"]+')"
  },
  "postgres": {
    "host": "$(echo "$JSON_STRING" | grep -oP '"postgres"[^}]*"host"\s*:\s*"\K[^"]+')",
    "port": $(echo "$JSON_STRING" | grep -oP '"postgres"[^}]*"port"\s*:\s*\K[0-9]+'),
    "db": "$(echo "$JSON_STRING" | grep -oP '"postgres"[^}]*"db"\s*:\s*"\K[^"]+')",
    "user": "$(echo "$JSON_STRING" | grep -oP '"postgres"[^}]*"user"\s*:\s*"\K[^"]+')",
    "password": "$(echo "$JSON_STRING" | grep -oP '"postgres"[^}]*"password"\s*:\s*"\K[^"]+')"
  },
  "supabase": {
    "url": "$(echo "$JSON_STRING" | grep -oP '"supabase"[^}]*"url"\s*:\s*"\K[^"]+' | head -1)",
    "url_external": "$(echo "$JSON_STRING" | grep -oP '"url_external"\s*:\s*"\K[^"]+')",
    "anon_key": "$(echo "$JSON_STRING" | grep -oP '"anon_key"\s*:\s*"\K[^"]+')",
    "service_role_key": "$(echo "$JSON_STRING" | grep -oP '"service_role_key"\s*:\s*"\K[^"]+')",
    "jwt_secret": "$(echo "$JSON_STRING" | grep -oP '"jwt_secret"\s*:\s*"\K[^"]+')"
  },
  "ollama": {
    "url": "$(echo "$JSON_STRING" | grep -oP '"ollama"[^}]*"url"\s*:\s*"\K[^"]+')",
    "model": "$(echo "$JSON_STRING" | grep -oP '"ollama"[^}]*"model"\s*:\s*"\K[^"]+')",
    "embedding_model": "$(echo "$JSON_STRING" | grep -oP '"embedding_model"\s*:\s*"\K[^"]+')"
  },
  "n8n": {
    "encryption_key": "$(echo "$JSON_STRING" | grep -oP '"n8n"[^}]*"encryption_key"\s*:\s*"\K[^"]+')",
    "owner_email": "$(echo "$JSON_STRING" | grep -oP '"owner_email"\s*:\s*"\K[^"]+')",
    "owner_password": "$(echo "$JSON_STRING" | grep -oP '"owner_password"\s*:\s*"\K[^"]+')",
    "secure_cookie": $(echo "$JSON_STRING" | grep -oP '"secure_cookie"\s*:\s*\K(true|false)')
  },
  "log_file": "$(echo "$JSON_STRING" | grep -oP '"log_file"\s*:\s*"\K[^"]+')",
  "created_at": "$(date -Iseconds)",
  "updateable_fields": {
    "ollama_url": "Can be updated to use hostname instead of IP",
    "ollama_model": "Can be changed to different model",
    "embedding_model": "Can be changed to different embedding model",
    "postgres_password": "Can be updated (requires container restart)",
    "n8n_owner_password": "Can be updated (requires container restart)"
  }
}
EOF

# Format if requested
if [[ "$FORMAT" == "1" ]]; then
  python3 -m json.tool "$OUTPUT_FILE" > "${OUTPUT_FILE}.tmp" && mv "${OUTPUT_FILE}.tmp" "$OUTPUT_FILE"
fi

echo "Credentials saved to: $OUTPUT_FILE"
echo ""
echo "To update credentials, use:"
echo "  bash update_credentials.sh --ctid $(echo "$JSON_STRING" | grep -oP '"ctid"\s*:\s*\K[0-9]+') --credentials-file $OUTPUT_FILE"