Feature/ml itcc (#380)

* sites moved to etc itcc.comf * mainzelliste test * volume * fix image * db name chaged * ingest component test * clean up * maizelliste env db * test server ip * beam sockets * teswt socket and task * secure db and ml * refactor and patient endpoints * partner id * new refactor and encription key generation * db deleted * keyset to var/
2026-05-14 05:50:25 +02:00 · 2026-05-12 13:56:35 +02:00
parent cbf75f632f
commit 47b793668a
4 changed files with 88 additions and 9 deletions
@@ -3,4 +3,25 @@
 if [ -n "$ENABLE_OMICS" ];then
  OVERRIDE+=" -f ./$PROJECT/modules/itcc-omics-ingest.yaml"
  GENERATE_API_KEY="$(generate_simple_password 'omics')"
+  PATIENTLIST_POSTGRES_PASSWORD=="$(generate_simple_password 'mainzelliste')"
+  KEYSET=/var/bridgehead/mainzelliste/keyset_siv.json
+  if [ ! -f "$KEYSET" ]; then
+    mkdir -p "$(dirname "$KEYSET")"
+    KEY_ID=$(($(openssl rand -hex 4 | sed 's/^/0x/') & 0x7FFFFFFF))
+    VALUE=$({ printf '\x12\x40'; openssl rand 64; } | base64 | tr -d '\n')
+    jq -n --argjson id "$KEY_ID" --arg value "$VALUE" '{
+      primaryKeyId: $id,
+      key: [{
+        keyData: {
+          typeUrl: "type.googleapis.com/google.crypto.tink.AesSivKey",
+          value: $value,
+          keyMaterialType: "SYMMETRIC"
+        },
+        status: "ENABLED",
+        keyId: $id,
+        outputPrefixType: "TINK"
+      }]
+    }' > "$KEYSET"
+    chmod 600 "$KEYSET"
+  fi
 fi