admin/cli/generate_key.php

   1 <?php
   2 // This file is part of Moodle - http://moodle.org/
   3 //
   4 // Moodle is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, either version 3 of the License, or
   7 // (at your option) any later version.
   8 //
   9 // Moodle is distributed in the hope that it will be useful,
  10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 // GNU General Public License for more details.
  13 //
  14 // You should have received a copy of the GNU General Public License
  15 // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Generates a secure key for the current server (presuming it does not already exist).
  19  *
  20  * @package core_admin
  21  * @copyright 2020 The Open University
  22  * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23  */
  24
  25 use \core\encryption;
  26
  27 define('CLI_SCRIPT', true);
  28
  29 require(__DIR__ . '/../../config.php');
  30 require_once($CFG->libdir . '/clilib.php');
  31
  32 // Get cli options.
  33 [$options, $unrecognized] = cli_get_params(
  34         ['help' => false, 'method' => null],
  35         ['h' => 'help']);
  36
  37 if ($unrecognized) {
  38     $unrecognized = implode("\n  ", $unrecognized);
  39     cli_error(get_string('cliunknowoption', 'admin', $unrecognized));
  40 }
  41
  42 if ($options['help']) {
  43     echo "Generate secure key
  44
  45 This script manually creates a secure key within the secret data root folder (configured in
  46 config.php as \$CFG->secretdataroot). You must run it using an account with access to write
  47 to that folder.
  48
  49 In normal use Moodle automatically creates the key; this script is intended when setting up
  50 a new Moodle system, for cases where the secure folder is not on shared storage and the key
  51 may be manually installed on multiple servers.
  52
  53 Options:
  54 -h, --help         Print out this help
  55 --method <method>  Generate key for specified encryption method instead of default (sodium)
  56
  57 Example:
  58 php admin/cli/generate_key.php
  59 ";
  60     exit;
  61 }
  62
  63 $method = $options['method'];
  64
  65 if (encryption::key_exists($method)) {
  66     echo 'Key already exists: ' . encryption::get_key_file($method) . "\n";
  67     exit;
  68 }
  69
  70 // Creates key with default permissions (no chmod).
  71 echo "Generating key...\n";
  72 encryption::create_key($method, false);
  73
  74 echo "\nKey created: " . encryption::get_key_file($method) . "\n\n";
  75 echo "If the key folder is not shared storage, then key files should be copied to all servers.\n";