I'm managing my k8s cluster using ansible and argocd. One of the key parts is that I'm strictly separating out 'secrets configuration' from app configuration. This allows me to automate more of the app side, e.g. bumping versions etc., as I don't need them to have secrets. I've noticed the helm chart asks for passwords; is there a way to reference existing kubernetes secrets instead? That way I can transfer them using something like sealed secrets or get the secrets in cluster a different way, without having to have them be near the non-secret config, thus making it okay to store the non-secret config in git.
Replies: 2 comments 1 reply
You can use existing secrets or config maps, see https://github.com/goauthentik/helm/blob/main/charts/authentik/values.yaml#L117-L125
Given the response from @btrepp
Seeing as this is a product designed to administer account security for enterprises, having the default example use k8s secrets objects rather than hard coding keys to the kingdom into a file that will likely end up in version control, would help global security posture, and decrease the likelihood of a major breach of networks using your tool.