oauth2-proxy / manifests

For hosting manifests to allow for the deployment of OAuth2-Proxy/OAuth2-Proxy
Apache License 2.0

How to set OIDC env using vault sidecar #227

Open himanshujaindev opened 3 months ago

himanshujaindev commented 3 months ago
vault.hashicorp.com/agent-inject-secret-oauth2-secrets.sh: "secret/[DC]/oidc-client-secret"
vault.hashicorp.com/agent-inject-template-oauth2-secrets.sh: |
    {{- with secret "secret/[DC]/oidc-client-secret" -}}
    OAUTH2_PROXY_CLIENT_ID='name-oauth-client'
    OAUTH2_PROXY_CLIENT_SECRET={{ .Data.oidc_client_secret }}
    OAUTH2_PROXY_COOKIE_SECRET=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_')
    {{- end -}}

How can we set the above in deployment.yaml?

@pierluigilenoci - Would appreciate any help on this.
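
Added example, not part of the original thread and not the project's code: with the annotations above, the Vault Agent Injector renders the template to `/vault/secrets/oauth2-secrets.sh`, and one way to consume it is a wrapper that sources the file, validates the result and only then starts oauth2-proxy. The function names and the sample file are constructed for illustration, and the container image is assumed to include a POSIX shell.

```shell
#!/bin/sh
# Added example: load the file rendered by Vault Agent and validate it
# before starting oauth2-proxy. Function names are hypothetical.

# Print the decoded length in bytes of a URL-safe base64 string.
decoded_len() {
    printf '%s' "$1" | tr -- '-_' '+/' | base64 -d 2>/dev/null | wc -c | tr -d ' '
}

# Source the rendered file with auto-export so the values reach the
# oauth2-proxy process, then check that nothing is missing or malformed.
load_oauth2_env() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # Drop stale values so a broken template cannot pass on old state.
    unset OAUTH2_PROXY_CLIENT_ID OAUTH2_PROXY_CLIENT_SECRET OAUTH2_PROXY_COOKIE_SECRET
    set -a
    . "$file"
    set +a
    for v in OAUTH2_PROXY_CLIENT_ID OAUTH2_PROXY_CLIENT_SECRET OAUTH2_PROXY_COOKIE_SECRET; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "$v is empty after sourcing $file" >&2; return 1; }
    done
    # oauth2-proxy needs a cookie secret of 16, 24 or 32 bytes.
    case $(decoded_len "$OAUTH2_PROXY_COOKIE_SECRET") in
        16|24|32) return 0 ;;
        *) echo "cookie secret does not decode to 16, 24 or 32 bytes" >&2; return 1 ;;
    esac
}

# Constructed stand-in for /vault/secrets/oauth2-secrets.sh (not a real secret).
demo=$(mktemp)
cat > "$demo" <<'EOF'
OAUTH2_PROXY_CLIENT_ID='name-oauth-client'
OAUTH2_PROXY_CLIENT_SECRET='constructed-placeholder'
OAUTH2_PROXY_COOKIE_SECRET=$(dd if=/dev/urandom bs=32 count=1 2>/dev/null | base64 | tr -d -- '\n' | tr -- '+/' '-_')
EOF
if load_oauth2_env "$demo"; then
    echo "environment loaded; a real wrapper would now exec oauth2-proxy"
fi
rm -f "$demo"
```

Because the cookie secret is generated when the file is sourced, every pod start produces a different value, so existing sessions do not survive a restart or span replicas.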

pierluigilenoci commented 2 months ago

@himanshujaindev, could you help me understand exactly what you want to achieve?

I suggest having your sidecar inject a secret into the OAuth2 Proxy namespace. Then use this: https://github.com/oauth2-proxy/manifests/blob/main/helm/oauth2-proxy/values.yaml#L246.

Does this answer your question?

pierluigilenoci commented 2 months ago

@himanshujaindev, can this https://github.com/oauth2-proxy/manifests/pull/230 solve your problem?