a bit of Bash fetishism

authelia · james-d-elliott · Jul 14, 2021 · Jul 2, 2021 · Jul 2, 2021 · Jul 2, 2021
commit 7380e74258ef6f4703efdefa9900dc5b4cc225b1
diff --git a/docs/configuration/identity-providers/oidc.md b/docs/configuration/identity-providers/oidc.md
@@ -383,8 +383,14 @@ know what you're doing. Potential values are `form_post`, `query`, and `fragment
 ## Generating Options Yourself
 
 If you must generate an option yourself, you can use a random string of sufficient length. The command
-`openssl rand -base64 32` provides such a random string with base64-conform characters. For Kubernetes,
-see [this section too](../secrets.md#Kubernetes).
+
+```sh
+LENGHT=64
+tr -cd '[:alnum:]' < /dev/urandom | fold -w "${LENGTH}" | head -n 1 | tr -d '\n' ; echo
+```
+
+prints such a string with a length in characters of `${LENGTH}` on `stdout`. The string will only contain alphanumeric
+characters. For Kubernetes, see [this section too](../secrets.md#Kubernetes).
 
 ## Scope Definitions
 

diff --git a/docs/configuration/secrets.md b/docs/configuration/secrets.md
@@ -178,22 +178,30 @@ metadata:
   namespace: your-authelia-namespace
 
 data:
-  keys.duo: >-
+  duo_key: >-
     UXE1WmM4S0pldnl6eHRwQ3psTGpDbFplOXFueUVyWEZhYjE0Z01IRHN0RT0K
 
-  keys.jwt: >-
+  jwt_secret: >-
     anotherBase64EncodedSecret
 
 ...
 ```
 
-where `UXE1WmM4S0pldnl6eHRwQ3psTGpDbFplOXFueUVyWEZhYjE0Z01IRHN0RT0K` is base64 encoded for `Qq5Zc8KJevyzxtpCzlLjClZe9qnyErXFab14gMHDstE`, the actual content of the secret. You can generate these contents with
+where `UXE1WmM4S0pldnl6eHRwQ3psTGpDbFplOXFueUVyWEZhYjE0Z01IRHN0RT0K` is Base64 encoded for
+`Qq5Zc8KJevyzxtpCzlLjClZe9qnyErXFab14gMHDstE`, the actual content of the secret. You can generate these contents with
 
 ```sh
-openssl rand -base64 32 | tr -d '\n' | tee actualSecretContent.txt | base64
+LENGHT=64
+tr -cd '[:alnum:]' < /dev/urandom \
+  | fold -w "${LENGTH}"           \
+  | head -n 1                     \
+  | tr -d '\n'                    \
+  | tee actualSecretContent.txt   \
+  | base64 --wrap 0               \
+  ; echo
 ```
 
-which writes the secret's content to the `actualSecretContent.txt` file and print the base64 encoded version on the screen (`stdout`). `32` is the length in characters of the secret content generated by `openssl`.
+which writes the secret's content to the `actualSecretContent.txt` file and print the Base64 encoded version on `stdout`. `${LENGTH}` is the length in characters of the secret content generated by this pipe. IF you don't want the contents to be written to `actualSecretContent.txt`, just delete the line with the `tee` command.
 
 ### Kustomization