Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Generates a secure key for the current server (presuming it does not already exist).
  19   *
  20   * @package core_admin
  21   * @copyright 2020 The Open University
  22   * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  use \core\encryption;
  26  
  27  define('CLI_SCRIPT', true);
  28  
  29  require(__DIR__ . '/../../config.php');
  30  require_once($CFG->libdir . '/clilib.php');
  31  
  32  // Get cli options.
  33  [$options, $unrecognized] = cli_get_params(
  34          ['help' => false, 'method' => null],
  35          ['h' => 'help']);
  36  
  37  if ($unrecognized) {
  38      $unrecognized = implode("\n  ", $unrecognized);
  39      cli_error(get_string('cliunknowoption', 'admin', $unrecognized));
  40  }
  41  
  42  // TODO: MDL-71421 - Remove the openssl alternative once sodium becomes a requirement in Moodle 4.2.
  43  
  44  if ($options['help']) {
  45      echo "Generate secure key
  46  
  47  This script manually creates a secure key within the secret data root folder (configured in
  48  config.php as \$CFG->secretdataroot). You must run it using an account with access to write
  49  to that folder.
  50  
  51  In normal use Moodle automatically creates the key; this script is intended when setting up
  52  a new Moodle system, for cases where the secure folder is not on shared storage and the key
  53  may be manually installed on multiple servers.
  54  
  55  Options:
  56  -h, --help         Print out this help
  57  --method <method>  Generate key for specified encryption method instead of default.
  58                     * sodium
  59                     * openssl-aes-256-ctr
  60  
  61  Example:
  62  php admin/cli/generate_key.php
  63  ";
  64      exit;
  65  }
  66  
  67  $method = $options['method'];
  68  
  69  if (encryption::key_exists($method)) {
  70      echo 'Key already exists: ' . encryption::get_key_file($method) . "\n";
  71      exit;
  72  }
  73  
  74  // Creates key with default permissions (no chmod).
  75  echo "Generating key...\n";
  76  encryption::create_key($method, false);
  77  
  78  echo "\nKey created: " . encryption::get_key_file($method) . "\n\n";
  79  echo "If the key folder is not shared storage, then key files should be copied to all servers.\n";