Initial commit: MyMidas personal finance tracker
Full-stack self-hosted finance app with FastAPI backend and React frontend. Features: - Accounts, transactions, budgets, investments with GBP base currency - CSV import with auto-detection for 10 UK bank formats - ML predictions: spending forecast, net worth projection, Monte Carlo - 7 selectable themes (Obsidian, Arctic, Midnight, Vault, Terminal, Synthwave, Ledger) - Receipt/document attachments on transactions (JPEG, PNG, WebP, PDF) - AES-256-GCM field encryption, RS256 JWT, TOTP 2FA, RLS, audit log - Encrypted nightly backups + key rotation script - Mobile-responsive layout with bottom nav Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
commit
61a7884ee5
127 changed files with 13323 additions and 0 deletions
54
scripts/rotate_keys.sh
Executable file
54
scripts/rotate_keys.sh
Executable file
|
|
@ -0,0 +1,54 @@
|
|||
#!/bin/bash
|
||||
# rotate_keys.sh — re-encrypt all AES-256-GCM fields with a new key.
|
||||
# The application must be STOPPED before running.
|
||||
#
|
||||
# Usage:
|
||||
# NEW_ENCRYPTION_KEY=$(python3 -c "import secrets; print(secrets.token_hex(32))")
|
||||
# docker compose stop backend
|
||||
# NEW_ENCRYPTION_KEY="$NEW_ENCRYPTION_KEY" ./scripts/rotate_keys.sh
|
||||
# # On success, update ENCRYPTION_KEY in .env, then:
|
||||
# docker compose up -d backend
|
||||
set -euo pipefail
|
||||
|
||||
if [ -z "${NEW_ENCRYPTION_KEY:-}" ]; then
|
||||
echo "ERROR: NEW_ENCRYPTION_KEY is not set"
|
||||
echo "Generate with: python3 -c \"import secrets; print(secrets.token_hex(32))\""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "${ENCRYPTION_KEY:-}" ]; then
|
||||
# Try to load from .env in the project root
|
||||
ENV_FILE="$(dirname "$0")/../.env"
|
||||
if [ -f "${ENV_FILE}" ]; then
|
||||
ENCRYPTION_KEY=$(grep -E '^ENCRYPTION_KEY=' "${ENV_FILE}" | cut -d= -f2- | tr -d '"' | tr -d "'")
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "${ENCRYPTION_KEY:-}" ]; then
|
||||
echo "ERROR: ENCRYPTION_KEY (current key) could not be found in environment or .env"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "${ENCRYPTION_KEY}" = "${NEW_ENCRYPTION_KEY}" ]; then
|
||||
echo "ERROR: NEW_ENCRYPTION_KEY is the same as the current key — nothing to do"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[rotate] This will re-encrypt ALL sensitive fields in the database."
|
||||
echo "[rotate] Ensure the application containers are stopped before continuing."
|
||||
read -r -p "[rotate] Type 'yes' to continue: " CONFIRM
|
||||
if [ "${CONFIRM}" != "yes" ]; then
|
||||
echo "[rotate] Aborted"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "[rotate] Running key rotation inside the backend container…"
|
||||
docker compose exec \
|
||||
-e ENCRYPTION_KEY="${ENCRYPTION_KEY}" \
|
||||
-e NEW_ENCRYPTION_KEY="${NEW_ENCRYPTION_KEY}" \
|
||||
backend python -m app.core.key_rotation
|
||||
|
||||
echo ""
|
||||
echo "[rotate] SUCCESS. Next steps:"
|
||||
echo " 1. Update ENCRYPTION_KEY in .env to: ${NEW_ENCRYPTION_KEY}"
|
||||
echo " 2. Restart the backend: docker compose up -d backend"
|
||||
Loading…
Add table
Add a link
Reference in a new issue