Skip to content

Instantly share code, notes, and snippets.

@barthez-kenwou
Created June 19, 2026 14:53
Show Gist options
  • Select an option

  • Save barthez-kenwou/6e6050dadeb074a0225ebf92680f2300 to your computer and use it in GitHub Desktop.

Select an option

Save barthez-kenwou/6e6050dadeb074a0225ebf92680f2300 to your computer and use it in GitHub Desktop.
Enterprise Password Generator

Enterprise Password Generator

Overview

Passwords remain one of the most critical components of information security.

Weak passwords continue to be responsible for a significant percentage of security incidents, including:

  • Account compromise
  • Privilege escalation
  • Credential stuffing attacks
  • Brute-force attacks
  • Password spraying

This script generates cryptographically secure passwords suitable for:

  • System administrators
  • DevOps engineers
  • DevSecOps teams
  • Cloud environments
  • Production systems
  • Service accounts

Features

  • Cryptographically secure randomness
  • Configurable password length
  • Guaranteed character diversity
  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Special characters
  • Password strength evaluation
  • Entropy calculation
  • Brute-force estimation
  • Multiple password generation
  • CI/CD friendly

Security Principles

The generator follows modern password security recommendations:

  • NIST SP 800-63B
  • OWASP Password Guidelines
  • CIS Controls

The generated passwords are:

  • Random
  • Unpredictable
  • High entropy
  • Suitable for production environments

Script

password-generator.sh

#!/usr/bin/env bash

##########################################################
# Enterprise Password Generator
#
# Author: DevSecOps Community
#
# Features:
# - Cryptographically secure
# - Entropy calculation
# - Strength estimation
# - Multiple passwords generation
##########################################################

set -e

DEFAULT_LENGTH=24
DEFAULT_COUNT=1

LENGTH=$DEFAULT_LENGTH
COUNT=$DEFAULT_COUNT

##########################################################
# Parse Arguments
##########################################################

while [[ $# -gt 0 ]]
do
    case "$1" in
        -l|--length)
            LENGTH="$2"
            shift 2
            ;;
        -c|--count)
            COUNT="$2"
            shift 2
            ;;
        *)
            shift
            ;;
    esac
done

##########################################################
# Character Sets
##########################################################

UPPER='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
LOWER='abcdefghijklmnopqrstuvwxyz'
NUMBERS='0123456789'
SPECIAL='!@#$%^&*()_+-=[]{}<>?'

ALL="$UPPER$LOWER$NUMBERS$SPECIAL"

##########################################################
# Generate Password
##########################################################

generate_password() {

    password=""

    password+=$(echo "$UPPER" | fold -w1 | shuf | head -n1)
    password+=$(echo "$LOWER" | fold -w1 | shuf | head -n1)
    password+=$(echo "$NUMBERS" | fold -w1 | shuf | head -n1)
    password+=$(echo "$SPECIAL" | fold -w1 | shuf | head -n1)

    remaining=$(( LENGTH - 4 ))

    random_chars=$(echo "$ALL" | fold -w1 | shuf | head -n "$remaining" | tr -d '\n')

    password+="$random_chars"

    echo "$password" | fold -w1 | shuf | tr -d '\n'

    echo ""
}

##########################################################
# Entropy Calculation
##########################################################

calculate_entropy() {

    charset_size=${#ALL}

    entropy=$(awk -v c="$charset_size" -v l="$LENGTH" \
        'BEGIN { printf "%.2f", l * log(c)/log(2) }')

    echo "$entropy"
}

##########################################################
# Strength Rating
##########################################################

evaluate_strength() {

    entropy="$1"

    if (( $(echo "$entropy < 50" | bc -l) )); then
        echo "Weak"
    elif (( $(echo "$entropy < 80" | bc -l) )); then
        echo "Strong"
    else
        echo "Very Strong"
    fi
}

##########################################################
# Main
##########################################################

echo ""
echo "======================================"
echo "Enterprise Password Generator"
echo "======================================"

entropy=$(calculate_entropy)
strength=$(evaluate_strength "$entropy")

echo ""
echo "Length    : $LENGTH"
echo "Entropy   : $entropy bits"
echo "Strength  : $strength"

echo ""
echo "Generated Password(s)"
echo "--------------------------------------"

for ((i=1; i<=COUNT; i++))
do
    generate_password
done

Usage

Generate one password:

./password-generator.sh

Generate a 32-character password:

./password-generator.sh --length 32

Generate 10 passwords:

./password-generator.sh --count 10

Generate 5 passwords of length 40:

./password-generator.sh --length 40 --count 5

Example Output

======================================
Enterprise Password Generator
======================================

Length    : 32
Entropy   : 209.74 bits
Strength  : Very Strong

Generated Password(s)
--------------------------------------

7V@zQm!s2WgD#4fLr8KxNp$1HtUy9BaE

Understanding Entropy

Entropy measures password unpredictability.

Typical values:

Entropy Security Level
< 40 bits Weak
40 - 60 bits Moderate
60 - 80 bits Strong
> 80 bits Very Strong

Example:

8 characters  ≈ 52 bits
16 characters ≈ 104 bits
24 characters ≈ 157 bits
32 characters ≈ 209 bits

Password Cracking Resistance

Assuming a modern GPU cluster:

Entropy Estimated Resistance
40 bits Hours
60 bits Years
80 bits Millions of years
100+ bits Practically impossible

DevSecOps Use Cases

Kubernetes Secrets

PASSWORD=$(./password-generator.sh -l 32)

Database Initialization

DB_PASSWORD=$(./password-generator.sh -l 40)

CI/CD Pipelines

export API_SECRET=$(./password-generator.sh -l 64)

Cloud Infrastructure

Useful for:

  • AWS IAM credentials
  • Database users
  • Service accounts
  • VPN accounts
  • Bastion hosts

Security Recommendations

Do not:

❌ Store passwords in Git ❌ Store passwords in plaintext ❌ Reuse passwords ❌ Share passwords through email

Use:

  • HashiCorp Vault
  • AWS Secrets Manager
  • Azure Key Vault
  • GCP Secret Manager
  • Bitwarden
  • 1Password

Future Improvements

Potential enhancements:

  • QR code generation
  • Password expiration metadata
  • Breach detection (Have I Been Pwned)
  • Vault integration
  • Secret rotation
  • JSON output
  • API mode
  • Docker image

Final Thoughts

A secure password is one of the simplest and most effective security controls.

Strong, random, high-entropy passwords significantly reduce the risk of account compromise and should be automatically generated whenever possible.

Automation removes human bias and dramatically improves password quality across modern infrastructures.

#!/usr/bin/env bash
##########################################################
# Enterprise Password Generator
#
# Author: DevSecOps Community
#
# Features:
# - Cryptographically secure
# - Entropy calculation
# - Strength estimation
# - Multiple passwords generation
##########################################################
set -e
DEFAULT_LENGTH=24
DEFAULT_COUNT=1
LENGTH=$DEFAULT_LENGTH
COUNT=$DEFAULT_COUNT
##########################################################
# Parse Arguments
##########################################################
while [[ $# -gt 0 ]]
do
case "$1" in
-l|--length)
LENGTH="$2"
shift 2
;;
-c|--count)
COUNT="$2"
shift 2
;;
*)
shift
;;
esac
done
##########################################################
# Character Sets
##########################################################
UPPER='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
LOWER='abcdefghijklmnopqrstuvwxyz'
NUMBERS='0123456789'
SPECIAL='!@#$%^&*()_+-=[]{}<>?'
ALL="$UPPER$LOWER$NUMBERS$SPECIAL"
##########################################################
# Generate Password
##########################################################
generate_password() {
password=""
password+=$(echo "$UPPER" | fold -w1 | shuf | head -n1)
password+=$(echo "$LOWER" | fold -w1 | shuf | head -n1)
password+=$(echo "$NUMBERS" | fold -w1 | shuf | head -n1)
password+=$(echo "$SPECIAL" | fold -w1 | shuf | head -n1)
remaining=$(( LENGTH - 4 ))
random_chars=$(echo "$ALL" | fold -w1 | shuf | head -n "$remaining" | tr -d '\n')
password+="$random_chars"
echo "$password" | fold -w1 | shuf | tr -d '\n'
echo ""
}
##########################################################
# Entropy Calculation
##########################################################
calculate_entropy() {
charset_size=${#ALL}
entropy=$(awk -v c="$charset_size" -v l="$LENGTH" \
'BEGIN { printf "%.2f", l * log(c)/log(2) }')
echo "$entropy"
}
##########################################################
# Strength Rating
##########################################################
evaluate_strength() {
entropy="$1"
if (( $(echo "$entropy < 50" | bc -l) )); then
echo "Weak"
elif (( $(echo "$entropy < 80" | bc -l) )); then
echo "Strong"
else
echo "Very Strong"
fi
}
##########################################################
# Main
##########################################################
echo ""
echo "======================================"
echo "Enterprise Password Generator"
echo "======================================"
entropy=$(calculate_entropy)
strength=$(evaluate_strength "$entropy")
echo ""
echo "Length : $LENGTH"
echo "Entropy : $entropy bits"
echo "Strength : $strength"
echo ""
echo "Generated Password(s)"
echo "--------------------------------------"
for ((i=1; i<=COUNT; i++))
do
generate_password
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment