FIX(vault): fix OIDC HMAC secret key name

- Change key name from secret to key
- Fix Vault secret reference

authelia/helm-values.yaml

@@ -18,11 +18,21 @@ pod:
     - name: users-database
       configMap:
         name: authelia-config
+    - name: oidc-secrets
+      secret:
+        secretName: authelia-secrets
+        items:
+          - key: HEADLAMP_CLIENT_SECRET
+            path: HEADLAMP_CLIENT_SECRET
   extraVolumeMounts:
     - name: users-database
       mountPath: /config/users_database.yml
       subPath: users_database.yml
       readOnly: true
+    - name: oidc-secrets
+      mountPath: /secrets/HEADLAMP_CLIENT_SECRET
+      subPath: HEADLAMP_CLIENT_SECRET
+      readOnly: true
 
 # ConfigMap configuration
 configMap:
@@ -86,7 +96,8 @@ configMap:
       clients:
         - client_id: headlamp
           client_name: Headlamp
-          client_secret: '$plaintext${{ secret "HEADLAMP_CLIENT_SECRET" }}'
+          client_secret:
+            path: /secrets/HEADLAMP_CLIENT_SECRET
           public: false
           authorization_policy: one_factor
           redirect_uris:

authelia/vault/authelia-secrets.yaml

@@ -32,8 +32,8 @@ spec:
       remoteRef:
         key: cluster-infrastructure/authelia
         property: JWT_HMAC_KEY
-    # OIDC HMAC secret
+    # OIDC HMAC key
-    - secretKey: identity_providers.oidc.hmac.secret
+    - secretKey: identity_providers.oidc.hmac.key
       remoteRef:
         key: cluster-infrastructure/authelia
         property: OIDC_HMAC_SECRET