security/authelia/vault/authelia-secrets.yaml
Mayne0213 de5183469e FEAT(authelia): add JWT_HMAC_KEY to ExternalSecret
- Add JWT_HMAC_KEY for password reset functionality
- Update ExternalSecret configuration
2026-01-04 23:41:39 +09:00


# ExternalSecret that pulls Authelia's core secrets from Vault (via the
# ClusterSecretStore "vault-backend") into the Kubernetes Secret
# "authelia-secrets" in namespace "authelia". Nothing sensitive lives in
# this manifest itself; only Vault paths and property names are listed here.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: authelia-secrets
  namespace: authelia
spec:
  # ESO re-reads Vault once per hour. A value rotated in Vault therefore takes
  # up to 1h to reach the Secret; whether Authelia then sees it without a
  # restart depends on how the Secret is mounted (not visible here).
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: authelia-secrets
    # Owner: ESO creates the Secret and holds the owner reference, so it is
    # removed together with this ExternalSecret.
    creationPolicy: Owner
  # Each entry maps one Vault property (key/property) to one key in the target
  # Secret (secretKey). No decodingStrategy is set anywhere, so every value
  # lands in the Secret byte-for-byte as stored in Vault.
  data:
    # Storage password (PostgreSQL). Read from the shared database path, not
    # an Authelia-scoped one — any other reader of databases/postgresql gets
    # the same credential, so rotating it affects every consumer of that path.
    - secretKey: STORAGE_PASSWORD
      remoteRef:
        key: databases/postgresql
        property: PASSWORD
    # Session secret (used for session cookie encryption/signing).
    - secretKey: SESSION_SECRET
      remoteRef:
        key: cluster-infrastructure/authelia
        property: SESSION_SECRET
    # Storage encryption key.
    # NOTE(review): per Authelia's documentation this key is not freely
    # rotatable — data already in storage is encrypted with it and must be
    # re-encrypted (authelia storage encryption change-key) when it changes.
    # Simply replacing the Vault value would break existing data — confirm
    # a rotation procedure exists before treating it like the others.
    - secretKey: STORAGE_ENCRYPTION_KEY
      remoteRef:
        key: cluster-infrastructure/authelia
        property: STORAGE_ENCRYPTION_KEY
    # OIDC HMAC secret (signs OIDC state/tokens that use HMAC).
    - secretKey: IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
      remoteRef:
        key: cluster-infrastructure/authelia
        property: OIDC_HMAC_SECRET
    # OIDC JWKS private key (base64 encoded in Vault).
    # NOTE(review): this remoteRef has no `decodingStrategy: Base64`, so if
    # Vault really holds the key base64-encoded as stated, the Secret will
    # contain the base64 text rather than the PEM Authelia expects, unless
    # the consumer decodes it itself — verify against the Deployment/config.
    - secretKey: IDENTITY_PROVIDERS_OIDC_JWKS_KEY
      remoteRef:
        key: cluster-infrastructure/authelia
        property: OIDC_JWKS_PRIVATE_KEY
    # JWT HMAC key for identity validation (password reset).
    # NOTE(review): unlike every other entry this secretKey is a dotted
    # config-path name rather than an UPPER_SNAKE env-style name. It is a
    # valid Secret key, but it only reaches Authelia if the Secret is
    # consumed in a form that understands that path (e.g. a mounted secrets
    # directory); exported via envFrom it would be ignored. The exact path
    # Authelia expects is not verifiable from this file — confirm both the
    # consumption mode and the key name against the Authelia version in use.
    - secretKey: identity_validation.reset_password.jwt.hmac.key
      remoteRef:
        key: cluster-infrastructure/authelia
        property: JWT_HMAC_KEY
---
# ExternalSecret holding the per-client OIDC secrets Authelia needs as the
# identity provider, materialised into the Secret "authelia-oidc-clients".
# Kept separate from authelia-secrets so relying-party credentials can be
# added/rotated without touching Authelia's own key material.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: authelia-oidc-clients
  namespace: authelia
spec:
  # Same 1h refresh cadence as authelia-secrets; a rotated client secret
  # takes up to 1h to propagate.
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: authelia-oidc-clients
    # Owner: the Secret is garbage-collected with this ExternalSecret.
    creationPolicy: Owner
  data:
    # MinIO's OIDC client secret, read from the MinIO Vault path so the
    # relying party (MinIO) and the IdP (Authelia) share one source of truth.
    # NOTE(review): Authelia expects client secrets in its own config in a
    # hashed form (e.g. pbkdf2/argon2), while MinIO presents the plaintext —
    # these are different values. Whether this property is the plaintext or
    # the hashed form, and how it is fed into Authelia's client definition,
    # is not visible here — confirm so the two sides actually match.
    - secretKey: MINIO_CLIENT_SECRET
      remoteRef:
        key: databases/minio
        property: OIDC_CLIENT_SECRET