Add secretRef support for OAuth/OIDC configuration and fix secret injection bug #183

@Skaronator

The Perses CRD currently requires OAuth/OIDC secrets to be stored in plain text, creating a security risk. Additionally, the current secret implementation appears to be broken, causing literal placeholder text to be used instead of actual secret values.

Current Behavior

  • OAuth/OIDC client secrets must be hardcoded in clear text directly in the Perses CRD configuration.
  • The CRD does not support secretRef fields to reference Kubernetes Secrets (which would enable integration with External Secrets Operator or similar tools).
  • Additionally, when configuring secrets, the Azure sign-in URL incorrectly contains client_id= as a literal string instead of injecting the actual secret value.

Expected Behavior

  • The CRD should support referencing Kubernetes Secrets via secretRef fields for sensitive OAuth/OIDC configuration
  • Secret values should be properly injected and resolved when constructing OAuth URLs
  • Support for External Secrets Operator patterns through standard Kubernetes Secret references

Steps to Reproduce (for the bug)

  1. Configure OAuth/OIDC authentication with Azure in Perses CRD
  2. Set up the client secret according to current documentation
  3. Attempt to sign in via Azure
  4. Observe that the redirect URL contains client_id=<secret> instead of the actual client ID value
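
A regression check for the symptom in step 4, added here as an example and not taken from the Perses code base: it parses an authorization URL and reports query parameters that still hold a template placeholder. The function name `UnresolvedParams`, the placeholder patterns, and the sample URLs are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"sort"
)

// placeholderRe matches a value that is still an unsubstituted template token,
// e.g. <secret>, ${CLIENT_ID} or {{ .ClientID }} (pattern set is an assumption).
var placeholderRe = regexp.MustCompile(`^\s*(<[^<>]*>|\$\{[^{}]*\}|\{\{.*\}\})\s*$`)

// UnresolvedParams parses an authorization URL and returns, sorted, the query
// parameters whose value is a placeholder, plus client_id when missing or empty.
func UnresolvedParams(authURL string) ([]string, error) {
	u, err := url.Parse(authURL)
	if err != nil {
		return nil, err
	}
	q := u.Query() // percent-decodes, so %3Csecret%3E is seen as <secret>
	bad := map[string]bool{}
	for name, values := range q {
		for _, v := range values {
			if placeholderRe.MatchString(v) {
				bad[name] = true
			}
		}
	}
	if q.Get("client_id") == "" {
		bad["client_id"] = true
	}
	out := make([]string, 0, len(bad))
	for name := range bad {
		out = append(out, name)
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	// Constructed sample URLs; host and client ID are made up for the example.
	base := "https://login.example.test/oauth2/v2.0/authorize"
	for _, raw := range []string{
		base + "?client_id=%3Csecret%3E&response_type=code&scope=openid",
		base + "?client_id=11111111-2222-3333-4444-555555555555&response_type=code",
	} {
		bad, err := UnresolvedParams(raw)
		fmt.Println(bad, err)
	}
}
```

Running a check like this against the generated sign-in URL in an integration test catches the placeholder before it reaches the identity provider.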
