54 lines
2.0 KiB
Smarty
54 lines
2.0 KiB
Smarty
|
{{/* Define the secrets */}}
|
||
|
{{- define "authelia.secrets" -}}
|
||
|
{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}}
|
||
|
{{- $fetchname := printf "%s-authelia-secrets" $basename -}}
|
||
|
|
||
|
{{/* Initialize all keys */}}
|
||
|
{{- $oidckey := genPrivateKey "rsa" }}
|
||
|
{{- $oidcsecret := randAlphaNum 32 }}
|
||
|
{{- $jwtsecret := randAlphaNum 50 }}
|
||
|
{{- $sessionsecret := randAlphaNum 50 }}
|
||
|
{{- $encryptionkey := randAlphaNum 100 }}
|
||
|
|
||
|
enabled: true
|
||
|
data:
|
||
|
{{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }}
|
||
|
{{/* Get previous values and decode */}}
|
||
|
{{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }}
|
||
|
{{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }}
|
||
|
{{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }}
|
||
|
|
||
|
{{/* Check if those keys ever existed. as OIDC is optional */}}
|
||
|
{{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }}
|
||
|
{{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }}
|
||
|
{{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }}
|
||
|
{{ end }}
|
||
|
{{ end }}
|
||
|
SESSION_ENCRYPTION_KEY: {{ $sessionsecret }}
|
||
|
JWT_TOKEN: {{ $jwtsecret }}
|
||
|
ENCRYPTION_KEY: {{ $encryptionkey }}
|
||
|
|
||
|
{{- if .Values.authentication_backend.ldap.enabled }}
|
||
|
LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }}
|
||
|
SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }}
|
||
|
{{- end }}
|
||
|
|
||
|
{{- if .Values.duo_api.enabled }}
|
||
|
DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }}
|
||
|
{{- end }}
|
||
|
|
||
|
STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }}
|
||
|
|
||
|
REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
|
||
|
{{- if .Values.redisProvider.high_availability.enabled }}
|
||
|
REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }}
|
||
|
{{- end }}
|
||
|
|
||
|
OIDC_PRIVATE_KEY: |
|
||
|
{{- $oidckey | nindent 4 }}
|
||
|
OIDC_HMAC_SECRET: {{ $oidcsecret }}
|
||
|
{{- end -}}
|