refactor: update Vault secret paths to new categorized structure

- authelia: postgresql → storage/postgresql, authelia → security/authelia
- external-secrets: zot → storage/zot (ClusterExternalSecret)
- vault: secret/data/vault/config → security/vault, authelia → security/authelia

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-11 22:36:33 +09:00
parent 5e717ff9b1
commit 2cfcc586be
4 changed files with 13 additions and 13 deletions


@@ -15,45 +15,45 @@ spec:
# Storage password (PostgreSQL) # Storage password (PostgreSQL)
- secretKey: storage.postgres.password.txt - secretKey: storage.postgres.password.txt
remoteRef: remoteRef:
key: postgresql key: storage/postgresql
property: PASSWORD property: PASSWORD
# Session encryption key # Session encryption key
- secretKey: session.encryption.key - secretKey: session.encryption.key
remoteRef: remoteRef:
key: authelia key: security/authelia
property: SESSION_SECRET property: SESSION_SECRET
# Storage encryption key # Storage encryption key
- secretKey: storage.encryption.key - secretKey: storage.encryption.key
remoteRef: remoteRef:
key: authelia key: security/authelia
property: STORAGE_ENCRYPTION_KEY property: STORAGE_ENCRYPTION_KEY
# JWT HMAC key for identity validation (password reset) # JWT HMAC key for identity validation (password reset)
- secretKey: identity_validation.reset_password.jwt.hmac.key - secretKey: identity_validation.reset_password.jwt.hmac.key
remoteRef: remoteRef:
key: authelia key: security/authelia
property: JWT_HMAC_KEY property: JWT_HMAC_KEY
# OIDC HMAC key # OIDC HMAC key
- secretKey: identity_providers.oidc.hmac.key - secretKey: identity_providers.oidc.hmac.key
remoteRef: remoteRef:
key: authelia key: security/authelia
property: OIDC_HMAC_SECRET property: OIDC_HMAC_SECRET
# OIDC JWKS private key # OIDC JWKS private key
- secretKey: identity_providers.oidc.jwks.key - secretKey: identity_providers.oidc.jwks.key
remoteRef: remoteRef:
key: authelia key: security/authelia
property: OIDC_JWKS_PRIVATE_KEY property: OIDC_JWKS_PRIVATE_KEY
# Headlamp OIDC client secret # Headlamp OIDC client secret
- secretKey: HEADLAMP_CLIENT_SECRET - secretKey: HEADLAMP_CLIENT_SECRET
remoteRef: remoteRef:
key: authelia key: security/authelia
property: HEADLAMP_CLIENT_SECRET property: HEADLAMP_CLIENT_SECRET
# Vault OIDC client secret # Vault OIDC client secret
- secretKey: VAULT_CLIENT_SECRET - secretKey: VAULT_CLIENT_SECRET
remoteRef: remoteRef:
key: authelia key: security/authelia
property: VAULT_CLIENT_SECRET property: VAULT_CLIENT_SECRET
# Zot OIDC client secret # Zot OIDC client secret
- secretKey: ZOT_CLIENT_SECRET - secretKey: ZOT_CLIENT_SECRET
remoteRef: remoteRef:
key: authelia key: security/authelia
property: ZOT_CLIENT_SECRET property: ZOT_CLIENT_SECRET
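Review bot: Every `remoteRef.key` in this section now points at `storage/postgresql` or `security/authelia`, but nothing on the page shows the Vault policy for the External Secrets role being extended to read those paths; if it still grants only the old flat paths, the sync will be denied and the Authelia session, storage-encryption, JWT and OIDC keys will likely stop refreshing. The same applies to the `storage/zot` keys in the ClusterExternalSecret section and to `security/authelia` in the last file. With the categorized layout, grant read per path rather than through a `security/*` glob, because that prefix now also holds Vault's own config. I would record the requirement next to the first entry, e.g. `# needs read on <kv-mount>/data/security/authelia and <kv-mount>/data/storage/postgresql` (KV v2 form), and remove the old `authelia` and `postgresql` entries once the new paths sync so stale copies of the signing keys do not linger.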


@@ -23,9 +23,9 @@ spec:
data: data:
- secretKey: USERNAME - secretKey: USERNAME
remoteRef: remoteRef:
key: zot key: storage/zot
property: USERNAME property: USERNAME
- secretKey: PASSWORD - secretKey: PASSWORD
remoteRef: remoteRef:
key: zot key: storage/zot
property: PASSWORD property: PASSWORD


@@ -14,5 +14,5 @@ spec:
data: data:
- secretKey: extraconfig-from-values.hcl - secretKey: extraconfig-from-values.hcl
remoteRef: remoteRef:
key: secret/data/vault/config key: security/vault
property: extraconfig-from-values.hcl property: extraconfig-from-values.hcl
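Review bot: The old key `secret/data/vault/config` spelled out the KV mount and the `data/` segment, while the new `security/vault` is relative, so it reaches the same engine only if the referenced SecretStore sets the mount in `provider.vault.path`; that store is not visible on this page. If the store leaves the mount unset, the first segment `security` would presumably be taken as the mount name and the lookup for `extraconfig-from-values.hcl` would fail. Please confirm the store's `path` and `version`, or keep the mount explicit, e.g. `key: secret/security/vault`.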


@@ -14,5 +14,5 @@ spec:
data: data:
- secretKey: VAULT_CLIENT_SECRET - secretKey: VAULT_CLIENT_SECRET
remoteRef: remoteRef:
key: authelia key: security/authelia
property: VAULT_CLIENT_SECRET property: VAULT_CLIENT_SECRET