{{/* Define the secrets */}} {{- define "authelia.secrets" -}} {{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}} {{- $fetchname := printf "%s-authelia-secrets" $basename -}} {{/* Initialize all keys */}} {{- $oidckey := genPrivateKey "rsa" }} {{- $oidcsecret := randAlphaNum 32 }} {{- $jwtsecret := randAlphaNum 50 }} {{- $sessionsecret := randAlphaNum 50 }} {{- $encryptionkey := randAlphaNum 100 }} enabled: true data: {{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }} {{/* Get previous values and decode */}} {{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }} {{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }} {{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }} {{/* Check if those keys ever existed. as OIDC is optional */}} {{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }} {{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }} {{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }} {{ end }} {{ end }} SESSION_ENCRYPTION_KEY: {{ $sessionsecret }} JWT_TOKEN: {{ $jwtsecret }} ENCRYPTION_KEY: {{ $encryptionkey }} {{- if .Values.authentication_backend.ldap.enabled }} LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }} {{- end }} {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }} {{- end }} {{- if .Values.duo_api.enabled }} DUO_API_KEY: {{ .Values.duo_api.plain_api_key }} {{- end }} STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }} REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} {{- if .Values.redisProvider.high_availability.enabled }} REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }} {{- end }} OIDC_PRIVATE_KEY: | {{- $oidckey | nindent 4 }} OIDC_HMAC_SECRET: {{ $oidcsecret }} {{- end -}}