172 lines
5.0 KiB
Python
Executable File
172 lines
5.0 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
"""Rotate API key for AegisGitea MCP."""
|
|
|
|
import re
|
|
import sys
|
|
from datetime import datetime, timedelta, timezone
|
|
from pathlib import Path
|
|
|
|
# Add src to path for imports
|
|
sys.path.insert(0, str(Path(__file__).parent.parent / "src"))
|
|
|
|
from aegis_gitea_mcp.auth import generate_api_key
|
|
|
|
|
|
def main() -> None:
|
|
"""Rotate API key in .env file."""
|
|
print("=" * 70)
|
|
print("AegisGitea MCP - API Key Rotation")
|
|
print("=" * 70)
|
|
print()
|
|
|
|
# Find .env file
|
|
env_file = Path(__file__).parent.parent / ".env"
|
|
|
|
if not env_file.exists():
|
|
print("❌ Error: .env file not found")
|
|
print(f" Expected location: {env_file}")
|
|
print()
|
|
print(" Please create .env from .env.example first")
|
|
sys.exit(1)
|
|
|
|
# Read current .env
|
|
with open(env_file, "r", encoding="utf-8") as f:
|
|
env_content = f.read()
|
|
|
|
# Check if MCP_API_KEYS exists
|
|
if "MCP_API_KEYS" not in env_content:
|
|
print("❌ Error: MCP_API_KEYS not found in .env file")
|
|
print()
|
|
print(" Please add MCP_API_KEYS to your .env file first")
|
|
sys.exit(1)
|
|
|
|
# Extract current key
|
|
match = re.search(r"MCP_API_KEYS=([^\n]+)", env_content)
|
|
if not match:
|
|
print("❌ Error: Could not parse MCP_API_KEYS from .env")
|
|
sys.exit(1)
|
|
|
|
current_keys = match.group(1).strip()
|
|
key_list = [k.strip() for k in current_keys.split(",") if k.strip()]
|
|
|
|
print(f"Found {len(key_list)} existing key(s)")
|
|
print()
|
|
|
|
# Show current keys (first 8 chars only)
|
|
for i, key in enumerate(key_list, 1):
|
|
key_hint = f"{key[:8]}...{key[-4:]}" if len(key) >= 12 else "invalid"
|
|
print(f" {i}. {key_hint}")
|
|
|
|
print()
|
|
print("-" * 70)
|
|
print()
|
|
|
|
# Generate new key
|
|
new_key = generate_api_key(length=64)
|
|
created_at = datetime.now(timezone.utc)
|
|
expires_at = created_at + timedelta(days=90)
|
|
|
|
print("✓ New API key generated!")
|
|
print()
|
|
print(f"Created: {created_at.strftime('%Y-%m-%d %H:%M:%S UTC')}")
|
|
print(f"Expires: {expires_at.strftime('%Y-%m-%d %H:%M:%S UTC')} (90 days)")
|
|
print()
|
|
print("-" * 70)
|
|
print()
|
|
|
|
# Ask what to do with old keys
|
|
print("Rotation Strategy:")
|
|
print()
|
|
print(" 1. Replace all keys with new key (recommended)")
|
|
print(" 2. Add new key, keep old keys (grace period)")
|
|
print(" 3. Cancel")
|
|
print()
|
|
|
|
choice = input("Choose option [1/2/3]: ").strip()
|
|
|
|
if choice == "3":
|
|
print("\nRotation cancelled.")
|
|
sys.exit(0)
|
|
elif choice == "2":
|
|
# Add new key to list
|
|
key_list.append(new_key)
|
|
new_keys_str = ",".join(key_list)
|
|
print("\n✓ New key will be added (total: {} keys)".format(len(key_list)))
|
|
print("\n⚠️ IMPORTANT: Remove old keys manually after updating ChatGPT config")
|
|
elif choice == "1":
|
|
# Replace with only new key
|
|
new_keys_str = new_key
|
|
print("\n✓ All old keys will be replaced with new key")
|
|
else:
|
|
print("\n❌ Invalid choice. Operation cancelled.")
|
|
sys.exit(1)
|
|
|
|
print()
|
|
print("-" * 70)
|
|
print()
|
|
|
|
# Update .env file
|
|
new_env_content = re.sub(r"MCP_API_KEYS=([^\n]+)", f"MCP_API_KEYS={new_keys_str}", env_content)
|
|
|
|
# Backup old .env
|
|
backup_file = env_file.with_suffix(f".env.backup-{datetime.now().strftime('%Y%m%d-%H%M%S')}")
|
|
with open(backup_file, "w", encoding="utf-8") as f:
|
|
f.write(env_content)
|
|
|
|
print(f"✓ Backed up old .env to: {backup_file.name}")
|
|
|
|
# Write new .env
|
|
with open(env_file, "w", encoding="utf-8") as f:
|
|
f.write(new_env_content)
|
|
|
|
print(f"✓ Updated .env file with new key(s)")
|
|
print()
|
|
print("-" * 70)
|
|
print()
|
|
print("📋 Next Steps:")
|
|
print()
|
|
print("1. Restart the MCP server:")
|
|
print()
|
|
print(" docker-compose restart aegis-mcp")
|
|
print()
|
|
print("2. Update ChatGPT Business configuration:")
|
|
print()
|
|
print(" - Go to ChatGPT Settings > MCP Servers")
|
|
print(" - Update Authorization header:")
|
|
print(f" Authorization: Bearer {new_key}")
|
|
print()
|
|
print("3. Test the connection:")
|
|
print()
|
|
print(" Ask ChatGPT: 'List my Gitea repositories'")
|
|
print()
|
|
print("4. If using grace period (option 2):")
|
|
print()
|
|
print(" - After confirming ChatGPT works with new key")
|
|
print(" - Manually remove old keys from .env")
|
|
print(" - Restart server again")
|
|
print()
|
|
print("-" * 70)
|
|
print()
|
|
print("⚠️ IMPORTANT:")
|
|
print()
|
|
print(f" • New API Key: {new_key}")
|
|
print(" • Store this securely - it won't be shown again")
|
|
print(" • Set a reminder to rotate in 90 days")
|
|
print(" • Old .env backed up to:", backup_file.name)
|
|
print()
|
|
print("=" * 70)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
try:
|
|
main()
|
|
except KeyboardInterrupt:
|
|
print("\n\nOperation cancelled.")
|
|
sys.exit(1)
|
|
except Exception as e:
|
|
print(f"\n❌ Error: {e}", file=sys.stderr)
|
|
import traceback
|
|
|
|
traceback.print_exc()
|
|
sys.exit(1)
|