Mayne0213
2cfcc586be
- authelia: postgresql → storage/postgresql, authelia → security/authelia - external-secrets: zot → storage/zot (ClusterExternalSecret) - vault: secret/data/vault/config → security/vault, authelia → security/authelia Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
60 lines
1.7 KiB
YAML
60 lines
1.7 KiB
YAML
apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: authelia-secrets
|
|
namespace: authelia
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
kind: ClusterSecretStore
|
|
name: vault-backend
|
|
target:
|
|
name: authelia-secrets
|
|
creationPolicy: Owner
|
|
data:
|
|
# Storage password (PostgreSQL)
|
|
- secretKey: storage.postgres.password.txt
|
|
remoteRef:
|
|
key: storage/postgresql
|
|
property: PASSWORD
|
|
# Session encryption key
|
|
- secretKey: session.encryption.key
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: SESSION_SECRET
|
|
# Storage encryption key
|
|
- secretKey: storage.encryption.key
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: STORAGE_ENCRYPTION_KEY
|
|
# JWT HMAC key for identity validation (password reset)
|
|
- secretKey: identity_validation.reset_password.jwt.hmac.key
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: JWT_HMAC_KEY
|
|
# OIDC HMAC key
|
|
- secretKey: identity_providers.oidc.hmac.key
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: OIDC_HMAC_SECRET
|
|
# OIDC JWKS private key
|
|
- secretKey: identity_providers.oidc.jwks.key
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: OIDC_JWKS_PRIVATE_KEY
|
|
# Headlamp OIDC client secret
|
|
- secretKey: HEADLAMP_CLIENT_SECRET
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: HEADLAMP_CLIENT_SECRET
|
|
# Vault OIDC client secret
|
|
- secretKey: VAULT_CLIENT_SECRET
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: VAULT_CLIENT_SECRET
|
|
# Zot OIDC client secret
|
|
- secretKey: ZOT_CLIENT_SECRET
|
|
remoteRef:
|
|
key: security/authelia
|
|
property: ZOT_CLIENT_SECRET
|