Open hamza-m-masood opened 1 month ago
I have the exact same issue/request. Only I would like to see it solved for all the secrets in the Helm chart and not just the one mentioned here (Identity). In addition to that it would be nice if you could reference the name of the existing secret's key. For example, when using the identityPostgresql there is an option called secretKeys/userPasswordKey where you can specify the name of the key. That would allow us to integrate more easily with existing Kubernetes Secrets.
Addition: When you set the identity secret with a string value, like global.identity.auth.identity.existingSecret: EasySecretInPlainText, this gets injected in clear in Identity's configmap/application.yaml.
Snippet from ConfigMap camunda-identity-configuration:

    Data
    ====
    application.yaml:
    ----
    identity:
      url: "https://mydomain.de/identity"
      client-id: "identity"
      client-secret: "EasySecretInPlainText"

Edit: Expectation: It should work like for other secrets via Env Var. Example for Connectors Secret (in the same configmap):

    applications:
    - name: Connectors
      id: ${CAMUNDA_CONNECTORS_CLIENT_ID:${KEYCLOAK_INIT_CONNECTORS_CLIENT_ID:connectors}}
      type: m2m
      secret: ${CAMUNDA_CONNECTORS_SECRET:${KEYCLOAK_INIT_CONNECTORS_SECRET:}}

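A check for the behaviour shown in the two ConfigMap snippets above, as an added example that is not part of the issue or of the Camunda chart: it scans a rendered application.yaml for secret-like keys whose value is a literal rather than an environment placeholder. The sample text is constructed from the snippets quoted in this thread, and the function name and the key-matching rule are assumptions.

```python
import re

# Constructed sample, modelled on the two ConfigMap snippets quoted in the issue.
SAMPLE_APPLICATION_YAML = """\
identity:
  url: "https://mydomain.de/identity"
  client-id: "identity"
  client-secret: "EasySecretInPlainText"
  applications:
    - name: Connectors
      id: ${CAMUNDA_CONNECTORS_CLIENT_ID:${KEYCLOAK_INIT_CONNECTORS_CLIENT_ID:connectors}}
      type: m2m
      secret: ${CAMUNDA_CONNECTORS_SECRET:${KEYCLOAK_INIT_CONNECTORS_SECRET:}}
"""

# Assumption: a key is sensitive when its name contains "secret" or "password".
SENSITIVE_KEY = re.compile(
    r"^\s*(?:-\s*)?([\w.-]*(?:secret|password)[\w.-]*)\s*:\s*(.*)$", re.IGNORECASE
)
# Spring-style placeholder: ${ENV_VAR} or ${ENV_VAR:default}, possibly nested.
PLACEHOLDER = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*(?::.*)?\}$")


def find_literal_secrets(application_yaml):
    """Return (line_number, key) for sensitive keys that hold a literal value.

    Empty values and ${ENV_VAR[:default]} placeholders are resolved at runtime
    and are not reported. The value itself is never returned, so the findings
    can be written to CI logs without leaking it again.
    """
    findings = []
    for number, line in enumerate(application_yaml.splitlines(), start=1):
        match = SENSITIVE_KEY.match(line)
        if not match:
            continue
        key = match.group(1)
        value = match.group(2).strip().strip("\"'")
        if value and not PLACEHOLDER.match(value):
            findings.append((number, key))
    return findings


if __name__ == "__main__":
    for number, key in find_literal_secrets(SAMPLE_APPLICATION_YAML):
        print(f"line {number}: '{key}' holds a literal value, not an env placeholder")
```

Run against the `application.yaml` data of a rendered ConfigMap, this can gate a deployment pipeline before the manifest is applied. It does not inspect literal defaults inside a placeholder.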
Describe the issue:
Currently, it is not possible to reference an existing secret for identity like so:
Only the value of the secret can be provided in the values.yaml.
Actual behavior:
When you attempt to add a name key under existingSecret you get the following output in the identity configmap:
For this reason, if it is not intended to create functionality to reference an existing secret using the name value, then at least there should be a check to ensure that the existingSecret value is a string.
This secret is only needed when you configure external OIDC. A clear comment should be mentioned in the values.yaml to make it clear to customers that this secret is only needed for external OIDC.
Expected behavior:
I expect to reference an existing secret using the name value under existingSecret for identity and have it rendered correctly.
How to reproduce:
Use the values.yaml I provided at the top.
Environment:
Please note: Without the following info, it's hard to resolve the issue and probably it will be closed.