#!/usr/bin/env bash
# Generate secure secrets for AgentHub production deployment

set -euo pipefail

echo "🔐 AgentHub Production Secrets Generator"
echo "========================================"
echo ""

# Generate JWT Secret (32 bytes = 256 bits)
JWT_SECRET=$(openssl rand -base64 32)
echo "JWT_SECRET (copy to Coolify env vars):"
echo "  $JWT_SECRET"
echo ""

# Generate PostgreSQL Password (24 bytes)
POSTGRES_PASSWORD=$(openssl rand -base64 24)
echo "POSTGRES_PASSWORD (copy to Coolify env vars):"
echo "  $POSTGRES_PASSWORD"
echo ""

# Generate GPG key for backups (optional)
echo "🔑 Optional: Generate GPG key for backup encryption"
echo "   Run: gpg --gen-key"
echo "   Then get the key ID: gpg --list-keys"
echo ""

# Summary
echo "📋 Summary of generated secrets:"
echo "================================"
echo ""
echo "# Add these to Coolify environment variables:"
echo "JWT_SECRET=$JWT_SECRET"
echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD"
echo "POSTGRES_USER=agenthub"
echo "POSTGRES_DB=agenthub"
echo "ALLOWED_ORIGINS=https://agenthub.barodine.net"
echo ""
echo "✅ Done! Copy the values above to your Coolify project settings."
echo ""
echo "⚠️  Security reminder:"
echo "   - Never commit these values to git"
echo "   - Store them in a password manager"
echo "   - Rotate them regularly (every 90 days)"