fides-secrets.yaml
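{{- /*
Chart-managed security Secret.

Rendered only when .Values.fides.configuration.fidesSecuritySecretName is unset;
when it is set, this template emits nothing. Each key is resolved on its own:
a value already stored in the cluster is reused, and a key that is missing
(no Secret yet, or a Secret that lacks that key) gets a freshly generated value.
Resolving per key avoids rendering an empty value for a key that an existing
Secret does not contain.
*/ -}}
{{- if not .Values.fides.configuration.fidesSecuritySecretName }}
{{- $secret_name := include "fides.fidesSecuritySecretName" . }}
{{- /* lookup returns an empty map when the Secret does not exist and when no cluster is queried (helm template, client-side dry-run). */}}
{{- $existing_secret := lookup "v1" "Secret" .Release.Namespace $secret_name }}
{{- $existing_data := dict }}
{{- if and $existing_secret $existing_secret.data }}
{{- $existing_data = $existing_secret.data }}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secret_name | quote }}
data:
  # Values under `data` are base64-encoded, not encrypted: anyone who can read
  # this Secret, or the Helm release record that stores the rendered manifest,
  # can recover them.
  #
  # Without a live cluster lookup (helm template, client-side dry-run) every
  # value below is newly generated on each render. Applying such output over an
  # existing install replaces the stored keys.
  # NOTE(review): presumably data encrypted under the previous
  # APP_ENCRYPTION_KEY becomes unreadable after such a replacement - confirm,
  # and supply fidesSecuritySecretName in render-and-apply pipelines.
  #
  # Reuse the stored value when present, otherwise generate one.
  FIDES__SECURITY__APP_ENCRYPTION_KEY: {{ index $existing_data "FIDES__SECURITY__APP_ENCRYPTION_KEY" | default (randAlphaNum 32 | b64enc) | quote }}
  FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID: {{ index $existing_data "FIDES__SECURITY__OAUTH_ROOT_CLIENT_ID" | default (uuidv4 | b64enc) | quote }}
  FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET: {{ index $existing_data "FIDES__SECURITY__OAUTH_ROOT_CLIENT_SECRET" | default (randAlphaNum 24 | b64enc) | quote }}
  FIDES__SECURITY__DRP_JWT_SECRET: {{ index $existing_data "FIDES__SECURITY__DRP_JWT_SECRET" | default (randAlphaNum 24 | b64enc) | quote }}
{{- end }}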