fix(homepage): generate a cookie secret

mrsimonemms · Dec 14, 2024 · c1996ee · c1996ee
1 parent 1df08f6
commit c1996ee
Showing 1 changed file with 29 additions and 8 deletions.
diff --git a/registry/components/homepage/oauth2-proxy.yaml b/registry/components/homepage/oauth2-proxy.yaml
@@ -78,22 +78,43 @@ spec:
     name: bitwarden
   target:
     name: oauth
+    template:
+      engineVersion: v2
+      data:
+        client-id: "{{ .clientId }}"
+        client-secret: "{{ .clientSecret }}"
+        cookie-secret: "{{ .cookieSecret }}"
   data:
-    - secretKey: client-id
+    - secretKey: clientId
       remoteRef:
         key: OIDC_CLIENT_ID
         conversionStrategy: Default
         decodingStrategy: None
         metadataPolicy: None
-    - secretKey: client-secret
+    - secretKey: clientSecret
       remoteRef:
         key: OIDC_CLIENT_SECRET
         conversionStrategy: Default
         decodingStrategy: None
         metadataPolicy: None
-    - secretKey: cookie-secret
-      remoteRef:
-        key: OAUTH_PROXY_COOKIE_SECRET
-        conversionStrategy: Default
-        decodingStrategy: None
-        metadataPolicy: None
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: Password
+          name: cookieSecret
+---
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: Password
+metadata:
+  name: cookieSecret
+  namespace: homepage
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  length: 32
+  digits: 5
+  symbols: 5
+  symbolCharacters: "-_@"
+  noUpper: false
+  allowRepeat: true