♻️ remove hardcoded authelia secrets

2025-09-17 18:24:14 +02:00 · 2024-01-25 12:50:26 +01:00
parent 44d5719e78
commit c6c8ab1651
7 changed files with 31 additions and 25 deletions
--- a/kubernetes/apps/default/outline/app/externalsecret.yaml
+++ b/kubernetes/apps/default/outline/app/externalsecret.yaml
@@ -20,6 +20,7 @@ spec:
        SECRET_KEY: "{{ .OUTLINE_SECRET_KEY }}"
        UTILS_SECRET: "{{ .OUTLINE_UTILS_SECRET }}"
        DATABASE_URL: postgresql://{{ .POSTGRES_USER }}:{{ .POSTGRES_PASS }}@postgres.${SECRET_DOMAIN}:5432/outline
+        OIDC_CLIENT_SECRET: "{{ .OUTLINE_OAUTH_CLIENT_SECRET }}"
        PGSSLMODE: require
        # Postgres Init
        INIT_POSTGRES_DBNAME: outline
@@ -28,6 +29,8 @@ spec:
        INIT_POSTGRES_PASS: "{{ .POSTGRES_PASS }}"
        INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"
  dataFrom:
+    - extract:
+        key: authelia
    - extract:
        key: generic
    - extract:
--- a/kubernetes/apps/default/outline/app/helmrelease.yaml
+++ b/kubernetes/apps/default/outline/app/helmrelease.yaml
@@ -59,7 +59,6 @@ spec:
              FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400"
              OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"
              OIDC_CLIENT_ID: outline
-              OIDC_CLIENT_SECRET: "${SECRET_OUTLINE_OAUTH_CLIENT_SECRET}"
              OIDC_DISPLAY_NAME: Authelia
              OIDC_SCOPES: "openid profile email offline_access"
              OIDC_TOKEN_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/token"