From 2cfcc586bef4be0299aacce2c9bb3e88df9c7629 Mon Sep 17 00:00:00 2001 From: Mayne0213 Date: Sun, 11 Jan 2026 22:36:33 +0900 Subject: [PATCH] refactor: update Vault secret paths to new categorized structure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - authelia: postgresql → storage/postgresql, authelia → security/authelia - external-secrets: zot → storage/zot (ClusterExternalSecret) - vault: secret/data/vault/config → security/vault, authelia → security/authelia Co-Authored-By: Claude Opus 4.5 --- authelia/manifests/secret.yaml | 18 +++++++++--------- .../manifests/zot-cluster-secret.yaml | 4 ++-- vault/manifests/external-secret.yaml | 2 +- vault/manifests/oidc-secret.yaml | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/authelia/manifests/secret.yaml b/authelia/manifests/secret.yaml
index 1762abb..e68f916 100644
--- a/authelia/manifests/secret.yaml
+++ b/authelia/manifests/secret.yaml
@@ -15,45 +15,45 @@ spec:
 # Storage password (PostgreSQL)
 - secretKey: storage.postgres.password.txt
 remoteRef:
- key: postgresql
+ key: storage/postgresql
 property: PASSWORD
 # Session encryption key
 - secretKey: session.encryption.key
 remoteRef:
- key: authelia
+ key: security/authelia
 property: SESSION_SECRET
 # Storage encryption key
 - secretKey: storage.encryption.key
 remoteRef:
- key: authelia
+ key: security/authelia
 property: STORAGE_ENCRYPTION_KEY
 # JWT HMAC key for identity validation (password reset)
 - secretKey: identity_validation.reset_password.jwt.hmac.key
 remoteRef:
- key: authelia
+ key: security/authelia
 property: JWT_HMAC_KEY
 # OIDC HMAC key
 - secretKey: identity_providers.oidc.hmac.key
 remoteRef:
- key: authelia
+ key: security/authelia
 property: OIDC_HMAC_SECRET
 # OIDC JWKS private key
 - secretKey: identity_providers.oidc.jwks.key
 remoteRef:
- key: authelia
+ key: security/authelia
 property: OIDC_JWKS_PRIVATE_KEY
 # Headlamp OIDC client secret
 - secretKey: HEADLAMP_CLIENT_SECRET
 remoteRef:
- key: authelia
+ key: security/authelia
 property: HEADLAMP_CLIENT_SECRET
 # Vault OIDC client secret
 - secretKey: VAULT_CLIENT_SECRET
 remoteRef:
- key: authelia
+ key: security/authelia
 property: VAULT_CLIENT_SECRET
 # Zot OIDC client secret
 - secretKey: ZOT_CLIENT_SECRET
 remoteRef:
- key: authelia
+ key: security/authelia
 property: ZOT_CLIENT_SECRET
diff --git a/external-secrets/manifests/zot-cluster-secret.yaml b/external-secrets/manifests/zot-cluster-secret.yaml
index 2f16587..a8bf033 100644
--- a/external-secrets/manifests/zot-cluster-secret.yaml
+++ b/external-secrets/manifests/zot-cluster-secret.yaml
@@ -23,9 +23,9 @@ spec:
 data:
 - secretKey: USERNAME
 remoteRef:
- key: zot
+ key: storage/zot
 property: USERNAME
 - secretKey: PASSWORD
 remoteRef:
- key: zot
+ key: storage/zot
 property: PASSWORD
diff --git a/vault/manifests/external-secret.yaml b/vault/manifests/external-secret.yaml
index eb2d020..d03de6d 100644
--- a/vault/manifests/external-secret.yaml
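Review bot: All nine `remoteRef.key` values in authelia/manifests/secret.yaml now depend on `storage/postgresql` and `security/authelia` being populated and readable by the store's Vault role, yet this commit changes only manifests; the same holds for the hunks in zot-cluster-secret.yaml, external-secret.yaml and oidc-secret.yaml. If the policy or the data lags behind, the sync fails and the workload presumably keeps running on the last-synced values, which can hide the break until the next rotation. I would add a comment above the first entry such as `# Vault policy for this store must grant read on storage/postgresql and security/authelia`. After cutover, the old `postgresql`, `authelia` and `zot` entries should be removed so copies of these keys do not stay readable under the previous policy. The hunk starts inside `spec`, so the store reference is not visible here.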
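Review bot: Because this resource is a ClusterExternalSecret (per the commit message), the `USERNAME`/`PASSWORD` pair at `storage/zot` is copied into every namespace its selector matches, and that selector lies outside this hunk. It is worth confirming that the entry holds a pull-only registry account rather than an admin or push credential. A comment next to the reference would record that, e.g. `# storage/zot: pull-only registry account, replicated to all selected namespaces`.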
+++ b/vault/manifests/external-secret.yaml
@@ -14,5 +14,5 @@ spec:
 data:
 - secretKey: extraconfig-from-values.hcl
 remoteRef:
- key: secret/data/vault/config
+ key: security/vault
 property: extraconfig-from-values.hcl
diff --git a/vault/manifests/oidc-secret.yaml b/vault/manifests/oidc-secret.yaml
index 2274c26..4dfd272 100644
--- a/vault/manifests/oidc-secret.yaml
+++ b/vault/manifests/oidc-secret.yaml
@@ -14,5 +14,5 @@ spec:
 data:
 - secretKey: VAULT_CLIENT_SECRET
 remoteRef:
- key: authelia
+ key: security/authelia
 property: VAULT_CLIENT_SECRET
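Review bot: The old key `secret/data/vault/config` carried the mount and the KV v2 `data/` segment, while the new `security/vault` is written like the store-relative keys in the other three files, so this line changes how the path is resolved and not only its category. That is correct only if the store this ExternalSecret references already supplies the mount and KV version; the store reference is above the hunk, so it cannot be confirmed from here. Because the value is `extraconfig-from-values.hcl` for Vault itself, a failed lookup affects Vault's own configuration. A short comment such as `# key is relative to the store's KV v2 mount` would make the intent explicit for the next reader.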
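Review bot: vault/manifests/oidc-secret.yaml needs one property, `VAULT_CLIENT_SECRET`, but reads it from `security/authelia`, the entry that the authelia hunk shows also holding `SESSION_SECRET`, `STORAGE_ENCRYPTION_KEY`, `JWT_HMAC_KEY` and `OIDC_JWKS_PRIVATE_KEY`. Vault KV policies are granted per path, not per property, so whichever role syncs this secret can read all of Authelia's key material. Since the paths are being recategorized anyway, consider a separate entry for OIDC client secrets, e.g. `key: security/oidc-clients/vault` (a constructed example path), referenced both here and by the `VAULT_CLIENT_SECRET` entry in authelia/manifests/secret.yaml. If both resources sync through one shared store role this changes little today, but it keeps a narrower policy possible later.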