travisghansen / external-auth-server

easy auth for reverse proxies
MIT License
330 stars 44 forks source link

Add EAS_ENCRYPT_IV_SECRET environmental variable to helm template #134

Open venkyhodigere opened 3 years ago

venkyhodigere commented 3 years ago

Hi there,

I wanted to use the initialization vector for the config token encryption with AES.

I saw that the support for IV is already there in utils.js https://github.com/travisghansen/external-auth-server/blob/master/src/utils.js#L14

But the env var setup for EAS_ENCRYPT_IV_SECRET is missing in the deployment.yaml helm template: https://github.com/travisghansen/external-auth-server/blob/master/charts/external-auth-server/templates/deployment.yaml

I was wondering if you are ok if I go ahead and add it in there and raise a PR.

Venky

travisghansen commented 3 years ago

Welcome!

Yeah of course! Let's get it added. Just make sure to add it as a secret value and treat it similar to how the rest of the secrets are treated.

venkyhodigere commented 2 years ago

I have added it as a secret value.

Would it be possible to take a look at the PR: https://github.com/travisghansen/external-auth-server/pull/137

travisghansen commented 2 years ago

Yeah I haven’t forgotten about this. Thanks for the contribution!

The holdup is I’m considering rewriting a bit of how this value is used to more closely align with its cryptographic purpose. Currently it’s just in there as a way to sort of suppress the warnings in the logs but it’s not quite what it needs to be. In that vein I’ve just been holding off a bit :(

venkyhodigere commented 2 years ago

Please let me know if there is something I could do help with to take this forward.

Meantime, would you be ok to review/approve this PR and do the bigger redesign as a subsequent feature?