feat(sso): using secret references in dex to not put secrets in git

2025-08-14 16:03:39 +02:00 · 2025-08-14 16:03:39 +02:00 · cbc8752fa1
commit cbc8752fa1
parent bab179a272
2 changed files with 3 additions and 3 deletions
--- a/otc/observability.t09.de/stacks/core/dex/values.yaml
+++ b/otc/observability.t09.de/stacks/core/dex/values.yaml
@ -68,9 +68,9 @@ config:
      name: ArgoCD Client
      redirectURIs:
        - "http://argocd.observability.t09.de/auth/callback"
-      secret: "{{`{{ .Env.OIDC_DEX_ARGO_CLIENT_SECRET }}`}}"
+      secretEnv: "OIDC_DEX_ARGO_CLIENT_SECRET"
    - id: grafana
      redirectURIs:
        - "https://grafana.observability.t09.de/login/generic_oauth"
      name: "Grafana"
-      secret: "thisisasecret"
+      secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET"
--- a/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/otc/observability.t09.de/stacks/observability/grafana-operator/manifests/grafana.yaml
@ -53,7 +53,7 @@ spec:
      allow_sign_up: "true"
      use_refresh_token: "true"
      client_id: grafana
-      client_secret: "thisisasecret" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
+      client_secret: "grafana123" # $__file{/etc/secrets/auth_generic_oauth/client_secret}
      scopes: openid email profile offline_access groups
      auth_url: https://dex.observability.t09.de/auth
      token_url: https://dex.observability.t09.de/token