defmodule Mix.Tasks.BreakGlass.GenHash do
use Mix.Task
@shortdoc "Generate a bcrypt hash for a break-glass password"
@moduledoc """
Generates a bcrypt hash for a given plaintext password and prints it to stdout.
## Usage
mix break_glass.gen_hash "my_secret_password"
The hash printed to stdout can be stored in an environment variable or secrets
manager and then configured via:
config :break_glass_ex,
password_hash: System.fetch_env!("BREAK_GLASS_PASSWORD_HASH")
## Security Note
The plaintext password is **never** logged, persisted, or stored beyond the
computation of the hash. Do not commit the plaintext password to source control.
## Requirements
13.1, 13.2, 13.3, 13.4
"""
@impl Mix.Task
def run([password | _]) do
hash = Bcrypt.hash_pwd_salt(password)
IO.puts(hash)
end
def run([]) do
IO.puts(:stderr, """
Usage: mix break_glass.gen_hash <plaintext_password>
Example:
mix break_glass.gen_hash "my_secret_password"
The bcrypt hash will be printed to stdout.
""")
System.halt(1)
end
end