FIX(authelia): fix Authelia secret key names

- Update key names to match chart expectations
- Fix ExternalSecret configuration

authelia/helm-values.yaml

@@ -18,17 +18,11 @@ pod:
     - name: users-database
       configMap:
         name: authelia-config
-    - name: oidc-clients
-      secret:
-        secretName: authelia-oidc-clients
   extraVolumeMounts:
     - name: users-database
       mountPath: /config/users_database.yml
       subPath: users_database.yml
       readOnly: true
-    - name: oidc-clients
-      mountPath: /secrets/oidc
-      readOnly: true
 
 # ConfigMap configuration
 configMap:
@@ -77,32 +71,6 @@ configMap:
     enabled: true
     issuer: mayne.kro.kr
 
-  # Identity providers (OIDC)
-  identity_providers:
-    oidc:
-      enabled: true
-      cors:
-        endpoints:
-          - authorization
-          - token
-          - revocation
-          - introspection
-          - userinfo
-        allowed_origins_from_client_redirect_uris: true
-      clients:
-        - client_id: minio
-          client_name: MinIO Console
-          client_secret: '$plaintext${{ secret "/secrets/oidc/MINIO_CLIENT_SECRET" }}'
-          authorization_policy: one_factor
-          redirect_uris:
-            - https://minio.minio0213.kro.kr/oauth_callback
-            - https://minio0213.kro.kr/oauth_callback
-          scopes:
-            - openid
-            - profile
-            - email
-          token_endpoint_auth_method: client_secret_post
-
 # Secret configuration - use existing secret from Vault
 secret:
   existingSecret: authelia-secrets

authelia/vault/authelia-secrets.yaml

@@ -13,51 +13,22 @@ spec:
     creationPolicy: Owner
   data:
     # Storage password (PostgreSQL)
-    - secretKey: STORAGE_PASSWORD
+    - secretKey: storage.postgres.password.txt
       remoteRef:
         key: databases/postgresql
         property: PASSWORD
-    # Session secret
+    # Session encryption key
-    - secretKey: SESSION_SECRET
+    - secretKey: session.encryption.key
       remoteRef:
         key: cluster-infrastructure/authelia
         property: SESSION_SECRET
     # Storage encryption key
-    - secretKey: STORAGE_ENCRYPTION_KEY
+    - secretKey: storage.encryption.key
       remoteRef:
         key: cluster-infrastructure/authelia
         property: STORAGE_ENCRYPTION_KEY
-    # OIDC HMAC secret
-    - secretKey: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
-      remoteRef:
-        key: cluster-infrastructure/authelia
-        property: OIDC_HMAC_SECRET
-    # OIDC JWKS private key (base64 encoded)
-    - secretKey: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
-      remoteRef:
-        key: cluster-infrastructure/authelia
-        property: OIDC_JWKS_PRIVATE_KEY
     # JWT HMAC key for identity validation (password reset)
     - secretKey: identity_validation.reset_password.jwt.hmac.key
       remoteRef:
         key: cluster-infrastructure/authelia
         property: JWT_HMAC_KEY
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: authelia-oidc-clients
-  namespace: authelia
-spec:
-  refreshInterval: 1h
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault-backend
-  target:
-    name: authelia-oidc-clients
-    creationPolicy: Owner
-  data:
-    - secretKey: MINIO_CLIENT_SECRET
-      remoteRef:
-        key: databases/minio
-        property: OIDC_CLIENT_SECRET