From ef317350609c08936f1fac7dcdd7e14c59b8d160 Mon Sep 17 00:00:00 2001
From: Mayne0213
Date: Fri, 2 Jan 2026 19:35:00 +0900
Subject: [PATCH] FIX(vault): fix OIDC HMAC secret key name

- Change key name from secret to key
- Fix Vault secret reference
---
 authelia/helm-values.yaml | 13 ++++++++++++-
 authelia/vault/authelia-secrets.yaml | 4 ++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/authelia/helm-values.yaml b/authelia/helm-values.yaml
index 3a92b6c..c6618d4 100644
--- a/authelia/helm-values.yaml
+++ b/authelia/helm-values.yaml
@@ -18,11 +18,21 @@ pod:
 - name: users-database
 configMap:
 name: authelia-config
+ - name: oidc-secrets
+ secret:
+ secretName: authelia-secrets
+ items:
+ - key: HEADLAMP_CLIENT_SECRET
+ path: HEADLAMP_CLIENT_SECRET
 extraVolumeMounts:
 - name: users-database
 mountPath: /config/users_database.yml
 subPath: users_database.yml
 readOnly: true
+ - name: oidc-secrets
+ mountPath: /secrets/HEADLAMP_CLIENT_SECRET
+ subPath: HEADLAMP_CLIENT_SECRET
+ readOnly: true

 # ConfigMap configuration
 configMap:
@@ -86,7 +96,8 @@ configMap:
 clients:
 - client_id: headlamp
 client_name: Headlamp
- client_secret: '$plaintext${{ secret "HEADLAMP_CLIENT_SECRET" }}'
+ client_secret:
+ path: /secrets/HEADLAMP_CLIENT_SECRET
 public: false
 authorization_policy: one_factor
 redirect_uris:
diff --git a/authelia/vault/authelia-secrets.yaml b/authelia/vault/authelia-secrets.yaml
index 78fcbb9..ac32652 100644
--- a/authelia/vault/authelia-secrets.yaml
+++ b/authelia/vault/authelia-secrets.yaml
@@ -32,8 +32,8 @@ spec:
 remoteRef:
 key: cluster-infrastructure/authelia
 property: JWT_HMAC_KEY
- # OIDC HMAC secret
- - secretKey: identity_providers.oidc.hmac.secret
+ # OIDC HMAC key
+ - secretKey: identity_providers.oidc.hmac.key
 remoteRef:
 key: cluster-infrastructure/authelia
 property: OIDC_HMAC_SECRET
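Review bot: The new `oidc-secrets` entry under `extraVolumeMounts` is mounted with `subPath: HEADLAMP_CLIENT_SECRET`, and the kubelet never refreshes a subPath mount when the backing Secret changes. If `authelia-secrets` is synced from Vault, as the second file in this patch suggests, a rotated client secret keeps its old value in the pod until the pod is restarted. Please record that next to the mount, for example `# subPath mount: restart the pod after rotating HEADLAMP_CLIENT_SECRET`. The `pod:` block begins outside the hunk, so an existing restart-on-change annotation may already cover this.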
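Review bot: Switching `client_secret` to `path: /secrets/HEADLAMP_CLIENT_SECRET` drops the `$plaintext$` prefix that the removed line prepended, so the file content must now be in a form Authelia accepts on its own, unless the chart adds the prefix itself. The diff does not show what Vault stores under `HEADLAMP_CLIENT_SECRET`; if it is the raw secret shared with Headlamp, client authentication will probably break. Authelia's documentation recommends a hashed digest here, so consider keeping the digest under its own Vault property and stating the expected format in a comment such as `# file must contain a password digest, not the raw client secret`. The commit message describes only the HMAC key rename and does not mention this change.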