oidc: allow reading the client secret from a file
Currently the most "secret" way to specify the oidc client secret is via an environment variable `OIDC_CLIENT_SECRET`, which is problematic[1]. Lets allow reading oidc client secret from a file. For extra convenience the path to the secret will resolve the environment variables. [1]: https://systemd.io/CREDENTIALS/
This commit is contained in:
Motiejus Jakštys
Kristoffer Dalby
parent
6edac4863a
commit
bafb6791d3
6 changed files with 59 additions and 8 deletions
|
|
@ -20,6 +20,10 @@ oidc:
|
|||
# Specified/generated by your OIDC provider
|
||||
client_id: "your-oidc-client-id"
|
||||
client_secret: "your-oidc-client-secret"
|
||||
# alternatively, set `client_secret_path` to read the secret from the file.
|
||||
# It resolves environment variables, making integration to systemd's
|
||||
# `LoadCredential` straightforward:
|
||||
#client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
|
||||
|
||||
# Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
|
||||
# parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue