nlopez / k8s_home


sample secrets in readme? #2

Closed evanrich closed 4 years ago

evanrich commented 6 years ago

Hey maybe I'm dumb, but I'm having a hard time figuring out the oauthproxy and other secrets format (for example, I put

localclient:f**************************b:10
user1:********:10

in secrets for deluge), but when I run it, it creates an "auth" directory, but no contents. For the oauth2 proxy, I'm assuming you're placing both your cookie secret, client secret, and client IDs as variables in a config, but what about your list of authorized email addresses? I obviously (or maybe not) cannot run gitcrypt unlock secrets.yaml, so it would be super helpful if you could post sample "secret.yaml" contents to give pointers :)

Thanks!

nlopez commented 6 years ago

oauth2-proxy

Your assumption is right on the gitcrypted secrets.yaml -- for oauth2 proxy, secrets.yaml is:

apiVersion: v1
kind: Secret
metadata:
  name: oauth2-proxy
type: Opaque
data:
  authenticated-emails: <base64 encoded data>
  config: <base64 encoded data>

and those individual keys look like this in plain text:

# this one's not much of a secret :)
❯ kubectl get secret oauth2-proxy -o json | jq -r '.data["authenticated-emails"]' | base64 -d
nlopez@gmail.com

❯ kubectl get secret oauth2-proxy -o json | jq -r '.data.config' | base64 -d
client_id = "123456789.apps.googleusercontent.com"
client_secret = "aRealSecret"
cookie_secret = "AnotherRealSecret"

deluge

Similar, secrets.yaml is

apiVersion: v1
kind: Secret
metadata:
  name: deluge
type: Opaque
data:
  auth: <base64 encoded data>

and that base64 encoded data, decoded, is the plain Deluge auth config:

❯ kubectl get secret deluge -o json | jq -r '.data.auth' | base64 -d
localclient:********:10
remoteclient:********:10
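
An added example (not from the repository or either commenter): a shell helper that renders a Secret manifest in the shape shown above from plaintext files, base64-encoding each value on a single line, and decodes a key back out to check the round trip. The function names and the sample credentials are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build an Opaque Secret manifest from plaintext files.
# All sample values are constructed placeholders, not real credentials.

# b64: base64-encode stdin as one line (values under "data:" must not be wrapped).
b64() { base64 | tr -d '\n'; }

# render_secret NAME KEY=FILE [KEY=FILE ...]
# Prints a Secret manifest; each data key holds the base64 of that file's bytes.
render_secret() {
  local name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  local pair key file
  for pair in "$@"; do
    key=${pair%%=*}
    file=${pair#*=}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    printf '  %s: %s\n' "$key" "$(b64 < "$file")"
  done
}

# decode_key KEY: read a manifest on stdin and print the decoded value of KEY,
# the offline equivalent of the kubectl | jq | base64 -d pipeline above.
decode_key() {
  awk -v k="$1:" '$1 == k { print $2 }' | base64 -d
}

# demo: render the deluge Secret from a constructed auth file.
demo() {
  local dir
  dir=$(mktemp -d)
  printf 'localclient:EXAMPLE_PASSWORD:10\nremoteclient:EXAMPLE_PASSWORD:10\n' > "$dir/auth"
  render_secret deluge auth="$dir/auth"
  rm -rf "$dir"
}

demo
```

`kubectl create secret generic deluge --from-file=auth=./auth --dry-run=client -o yaml` produces an equivalent manifest when a cluster client is at hand.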