REFACTOR(secrets): flatten Vault paths

- Change secret paths from <category>/<app> to <app>
- databases/postgresql → postgresql
- cluster-infrastructure/authelia → authelia
2026-01-06 16:53:10 +09:00
parent 677214b848
commit 384d73d1fa


@@ -15,45 +15,45 @@ spec:
# Storage password (PostgreSQL)
- secretKey: storage.postgres.password.txt
remoteRef:
key: databases/postgresql
key: postgresql
property: PASSWORD
# Session encryption key
- secretKey: session.encryption.key
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: SESSION_SECRET
# Storage encryption key
- secretKey: storage.encryption.key
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: STORAGE_ENCRYPTION_KEY
# JWT HMAC key for identity validation (password reset)
- secretKey: identity_validation.reset_password.jwt.hmac.key
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: JWT_HMAC_KEY
# OIDC HMAC key
- secretKey: identity_providers.oidc.hmac.key
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: OIDC_HMAC_SECRET
# OIDC JWKS private key
- secretKey: identity_providers.oidc.jwks.key
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: OIDC_JWKS_PRIVATE_KEY
# Headlamp OIDC client secret
- secretKey: HEADLAMP_CLIENT_SECRET
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: HEADLAMP_CLIENT_SECRET
# Vault OIDC client secret
- secretKey: VAULT_CLIENT_SECRET
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: VAULT_CLIENT_SECRET
# Immich OIDC client secret
- secretKey: IMMICH_CLIENT_SECRET
remoteRef:
key: cluster-infrastructure/authelia
key: authelia
property: IMMICH_CLIENT_SECRET
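Review bot: Nothing in this hunk shows that the Vault policy bound to the secret store's role was updated for the flat paths `postgresql` and `authelia` that all nine `remoteRef.key` lines now read, and Vault policies match on path. Before this syncs, the policy should grant read on exactly those paths rather than a broad wildcard, since the `<category>/` prefix no longer acts as a boundary. The old `databases/postgresql` and `cluster-infrastructure/authelia` entries should also be deleted and their grants removed, so no stale copy of the session, HMAC and JWKS material stays readable. The first entry pulls `PASSWORD` from the shared `postgresql` path; if that is not an Authelia-specific database credential, a dedicated path or property would keep this consumer to least privilege. I would add a comment above the list such as `# Vault paths are flat (<app>); store policy must allow read on postgresql and authelia only`; the list and the rest of `spec:` begin above the hunk, so the store reference is not visible here.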