Remove hard coded secrets

deployments/infra/traefik-forward-auth/traefik-forward-auth.yaml

@@ -1,16 +1,4 @@
-kind: Secret
-apiVersion: v1
-metadata:
-  name: traefik-forward-auth-secrets
-  namespace: infra
-  labels:
-    name: traefik
-type: Opaque
-data:
-  CLIENT_SECRET: MC1oeUpXVW90S0VjN2xUcnIwUUpvYmc5
-  SECRET: SkxvQUYyM3JabVRyQWJUZg==
 ---
-kind: Deployment
 apiVersion: apps/v1
 metadata:
   name: traefik-forward-auth
@@ -40,7 +28,10 @@ spec:
             - name: OIDC_ISSUER
               value: https://accounts.google.com
             - name: CLIENT_ID
-              value: 790180635443-4kkbqimheq81o2p612t3itrl8bkcvthe.apps.googleusercontent.com
+              valueFrom:
+                secretKeyRef:
+                  name: traefik-forward-auth-secrets
+                  key: CLIENT_ID
             - name: CLIENT_SECRET
               valueFrom:
                 secretKeyRef:

setup/bin/bootstrap-secrets.sh

@@ -19,4 +19,8 @@ kubectl -n infra create secret generic minio --from-literal="accesskey=$MINIO_AC
                                              --from-literal="secretkey=$MINIO_SECRET_KEY"
 
 kubectl -n velero create secret generic velero --from-literal="accesskey=$MINIO_ACCESS_KEY" \
-                                               --from-literal="secretkey=$MINIO_SECRET_KEY"
+                                               --from-literal="secretkey=$MINIO_SECRET_KEY"
+
+kubectl -n infra create secret generic traefik-forward-auth-secrets --from-literal="CLIENT_ID=$CLIENT_ID" \
+                                                                    --from-literal="CLIENT_SECRET=$CLIENT_SECRET" \
+                                                                    --from-literal="SECRET=$SECRET"