How do I change the permissions of a file created in a script without using sudo?


I've got the following docker-compose file that creates a Cassandra cluster with SSL enabled. I have to mount the keystore and truststore files with a volume.

version: "3.3"
services:
  cassandra-one:
    image: bitnami/cassandra:3.11
    ports:
      - "9042:9042"
    environment:
      MAX_HEAP_SIZE: "400M"
      MIN_HEAP_SIZE: "400M"
      HEAP_NEWSIZE: "48M"
      CASSANDRA_ENABLE_SCRIPTED_USER_DEFINED_FUNCTIONS: "true"
      CASSANDRA_ENABLE_USER_DEFINED_FUNCTIONS: "true"
      CASSANDRA_KEYSTORE_PASSWORD: "password"
      CASSANDRA_TRUSTSTORE_PASSWORD: "password"
      CASSANDRA_CLIENT_ENCRYPTION: "true"
    volumes:
      - ./keystore.p12:/bitnami/cassandra/secrets/keystore
      - ./truststore.p12:/bitnami/cassandra/secrets/truststore

I use the following script to generate the key files needed.

#!/bin/bash

# Generate localhost_CA and localhost certs/keys
openssl genrsa -out localhost_CA.key 4096
openssl req -x509 -new -config localhost_CA.cfg -key localhost_CA.key -days 9999 -out localhost_CA.crt
openssl genrsa -out localhost.key 4096
openssl req -new -config localhost.cfg -key localhost.key -days 9999 -out localhost.csr
openssl x509 -req -in localhost.csr -CA localhost_CA.crt -CAkey localhost_CA.key -CAcreateserial -days 9999 -out localhost.crt


# generate keystore
openssl pkcs12 -export -out keystore.p12 -inkey localhost.key -in localhost.crt -passout pass:password
keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12 -deststorepass "password" -srcstorepass "password"

# generate truststore
openssl pkcs12 -export -out truststore.p12 -inkey localhost.key -in localhost.crt -passout pass:password
keytool -importkeystore -destkeystore truststore.jks -srcstoretype PKCS12 -srckeystore truststore.p12 -deststorepass "password" -srcstorepass "password"

When I run docker-compose up I get the following error:

stackoverflow-example-cassandra-one-1  | Importing keystore /bitnami/cassandra/secrets/keystore to /opt/bitnami/cassandra/tmp/keystore.p12...
stackoverflow-example-cassandra-one-1  | keytool error: java.io.FileNotFoundException: /bitnami/cassandra/secrets/keystore (Permission denied)

So I have to run the following commands to fix the error and get the services to start properly. This gives the docker user (1001) read permission on the files.

sudo chown -R 1001 keystore.p12
sudo chown -R 1001 truststore.p12

How can I do this step in the script without using sudo?

Below I'll put the *.cfg files so the script for generating the keys can be used.

localhost.cfg

[req]
encrypt_key = no
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
CN = localhost

localhost_CA.cfg

[req]
# needed so "openssl req -x509 -config localhost_CA.cfg" can find the DN and
# run non-interactively, as localhost.cfg already does
encrypt_key = no
default_bits = 4096
prompt = no
default_md = sha256
distinguished_name = dn
x509_extensions = v3_ca

[dn]
C = US
ST = CA
L = Los Angeles
O = stackoverflow.com
CN = stackoverflow.com Test CA

[ca]
default_ca = stackoverflow_CA

[stackoverflow_CA]
# section name matches default_ca above; file names match what the script generates
private_key = localhost_CA.key
certificate = localhost_CA.crt
new_certs_dir = certs/new/
database = certs/database
RANDFILE = certs/.rand
default_md = sha256
policy = policy_anything
email_in_dn = false
serial = certs/serial
default_days = 365
x509_extensions = v3_ca

[policy_anything]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
basicConstraints = critical, CA:true
keyUsage = digitalSignature,keyEncipherment,cRLSign,keyCertSign
extendedKeyUsage = serverAuth

[ v3_intermediate_ca ]
# Extensions for a typical intermediate CA (`man x509v3_config`).
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, digitalSignature, cRLSign, keyCertSign
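As an added example (not part of the question or of any answer), the shell step below makes the generated .p12 files readable by the container's uid without sudo: the user who ran the key script owns them, so chmod and setfacl need no elevation. It assumes the bitnami image runs as uid 1001 (as stated in the question), GNU stat, and setfacl/getfacl from the acl package; where ACLs are unavailable it falls back to 0644, which also lets every local account read the private key inside keystore.p12.

```shell
#!/bin/bash
# Added example, not from the question: grant the container uid read access to
# the generated PKCS#12 files without sudo. A per-uid ACL entry is preferred
# over chmod 0644 because keystore.p12 holds the server's private key and
# world-read would expose it to every local account on the host.
set -eu

CONTAINER_UID="${CONTAINER_UID:-1001}"   # assumption: bitnami/cassandra runs as uid 1001

# grant_read_to_uid FILE UID: add an ACL read entry for UID; fall back to 0644
# (and say so) when ACLs are unavailable. Returns 1 if FILE does not exist.
grant_read_to_uid() {
  local file="$1" uid="$2"
  [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
  if command -v setfacl >/dev/null 2>&1 && setfacl -m "u:${uid}:r" "$file" 2>/dev/null; then
    echo "acl: uid ${uid} may read ${file}"
  else
    chmod 0644 "$file"   # weaker fallback: readable by all local users
    echo "fallback: ${file} set to 0644 (world-readable)"
  fi
}

# readable_by_uid FILE UID: returns 0 when the "other" mode bits or an ACL
# entry grant read to UID, 1 otherwise. Uses GNU stat -c (an assumption).
readable_by_uid() {
  local file="$1" uid="$2" mode other
  mode=$(stat -c '%a' "$file")
  other=${mode#"${mode%?}"}          # last octal digit = permissions for "other"
  case "$other" in
    4|5|6|7) return 0 ;;
  esac
  if command -v getfacl >/dev/null 2>&1; then
    getfacl -n "$file" 2>/dev/null | grep -q "^user:${uid}:r" && return 0
  fi
  return 1
}

# Usage from the key script: ./fix-perms.sh keystore.p12 truststore.p12
if [ "$#" -gt 0 ]; then
  for f in "$@"; do
    grant_read_to_uid "$f" "$CONTAINER_UID"
    readable_by_uid "$f" "$CONTAINER_UID" \
      || { echo "still unreadable by uid ${CONTAINER_UID}: $f" >&2; exit 1; }
  done
fi
```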