kratos: add config for github
Signed-off-by: Victor Login <batazor@evrone.com>
batazor committed Feb 22, 2023
1 parent 89c4cf4 commit 71f426e
Showing 3 changed files with 66 additions and 25 deletions.
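--- a/ops/Helm/addons/auth/kratos.values.yaml
+++ b/ops/Helm/addons/auth/kratos.values.yaml
@@ -91,31 +91,6 @@ kratos:
 enabled: true
 oidc:
 enabled: true
-config:
-providers:
-# this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
-- id: github
-provider: github
-# Replace this with the OAuth2 Client ID provided by GitHub
-client_id: ....
-# Replace this with the OAuth2 Client Secret provided by GitHub
-client_secret: ....
-mapper_url: file:///etc/config/kratos/oidc.github.jsonnet
-scope:
-- user:email
-# this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
-- id: gitlab
-provider: gitlab
-# Replace this with the OAuth2 Client ID provided by GitLab
-client_id: ....
-# Replace this with the OAuth2 Client Secret provided by GitLab
-client_secret: ....
-mapper_url: file:///etc/config/kratos/oidc.gitlab.jsonnet
-scope:
-- read_user
-- openid
-- profile
-- email
 
 # These `ui_url` values are entirely dependant upon your setup.
 # For this example, the React-app runs in development mode on the default port of 3000.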
60 changes: 60 additions & 0 deletions ops/Helm/addons/auth/secret.sops.yaml
@@ -0,0 +1,60 @@
kratos:
kratos:
config:
selfservice:
methods:
oidc:
config:
providers:
- ENC[AES256_GCM,data:zZHgOOisXnXbnUC3VTMAUQ7WDOF6kJKjPzJ1Lrknyfox75Du6LBU/+OukiUlx685Dmg2UocL/CjQtrH6SelYo8m+LHF0P9lVSRxFdTPwcPL288jhVKE=,iv:8lAFjNk/lGnWCxyH21AOoJ6BJ1UPdXdE7/nmOEE+D1M=,tag:q0w1N6KO8gXmjU7jYGkIvw==,type:comment]
- id: ENC[AES256_GCM,data:GH4046M8,iv:yZU8jUPVODoEfyymmM8Ca0mBpHAnWODd30GXhXEIphs=,tag:BlfUIn2C3wAkXMEHnQ11bg==,type:str]
provider: ENC[AES256_GCM,data:ppHhmqx/,iv:1yf78gy2k89q8fPtbH/TtISJGY/dotg5mAJHRtTBlHw=,tag:8+RFYARCFh659auIA0ECpQ==,type:str]
#ENC[AES256_GCM,data:KrDWtu5919JFsHFBtWT1ISEQ5LIq1fQzNLtWbmPYHTQYPL53BsxpSBrOa8C8FwFOzF5iclrYdiwrRg==,iv:s9woKwlPRNTWVlIsl8Ls2ZvC9GjOjVU7Y8KhpFlWZ24=,tag:g7fJEMnYFPwkyltD1OQ5Kw==,type:comment]
client_id: ENC[AES256_GCM,data:4eBhBeSkXlUTGMsZJjP700Jit20=,iv:ZJZh+Y8Oj7JAlTwyvZxs8z43stdXMmJOsiONxIqjH5U=,tag:dwd5zO8KBvw6lZvuXqUg5Q==,type:str]
#ENC[AES256_GCM,data:pyJfo+S7cF5cVHGwv8iGw6BaNub/7+hHRsj+UvBrxh9MyAqv7mRTtWRCzk/bTIoJ0SRd+roQkK5+5qWk5Ek=,iv:keJ1goV3FA5AIjpJfBNs1Audcha+oTj3xk+XEilEllc=,tag:1z6kWwToPLUMGdWEoST+3w==,type:comment]
client_secret: ENC[AES256_GCM,data:P3CsGOv1BnWzxSxMzGmIRJE8CN0/XedL31Z2PFUDXH+4Xm0a2EY/eg==,iv:nrfJDP07/+Syeyoei3kJpemVMrBFi4+GA2/JI35AFww=,tag:VAbhLa8aaUScqgdSj9YvAg==,type:str]
mapper_url: ENC[AES256_GCM,data:m8Kc69TWMo5mIvn4GhOVoWN2UuEz4P4F9rZwiCGvOBcvdutkQnMyblU6luI4,iv:vfvrt4SSGJ++pxQkrK0UD5sMvQ929LkpcxaMJVrPn6w=,tag:H2VKImc3EFfoA2BwwaAgyQ==,type:str]
scope:
- ENC[AES256_GCM,data:ZL4mTyDbdprh0Q==,iv:gSZDF92DOnLI1OqL3IVMPRinCKClzWYoyLOyaNn+FCw=,tag:HYQz6gl0WdD9qxsuSi94LA==,type:str]
- ENC[AES256_GCM,data:OJlbNVZMPNUQ63E0zRXtDhYvPs/uQ67pvflcQucIc6tXuqivTk1Abxug2XcQ5C7QLazMHtmeybhKEq9AOhiKvoJoQtSp8FAyqDJrIH5Jm+HRBbHSy/0=,iv:n0Rxs/RMRYK6osaDs0enNpsx7mU/nfVW7IpHYoy3kwU=,tag:Qd9lkSPrLkhYuTcEBze/bA==,type:comment]
- id: ENC[AES256_GCM,data:4uSc0cpi,iv:lJfJmwMjjL2olLIZid8CM6blcnB1wY5SmoUmLFspm5M=,tag:uF6EdpwPpXDbPJSnum5L0Q==,type:str]
provider: ENC[AES256_GCM,data:N8d/pn1m,iv:98Jp2zoKKZeERe9iGrNG19u1EK1Ai8f4CsvasPUBs20=,tag:KWPWkcZ6/necvCA6lvwk5w==,type:str]
#ENC[AES256_GCM,data:+bvNwyItiETUsE4niOVGlvmVadfysNO0gy7uIZXBEP9/n/eDGzTtGLuPU13p6dogpvTw5bAQfAqxAg==,iv:nshi4gGyDPDtaevwqA8NtdBal4u0G9IQwmefzp7Lleg=,tag:z1m71tsEuMAv1ZljiWl4Bw==,type:comment]
client_id: ENC[AES256_GCM,data:/FdZrA==,iv:+AS2TzltE1SHBVvtgTzF2M9KeXPr3gx9MhaDhEjfY9o=,tag:5s5IgnGuOkvt1xtpkUR0aA==,type:str]
#ENC[AES256_GCM,data:D2GRQB+3wGGa1z/Y6ourTILeGSl7jWIco/R4jolKTyShHKqprejOB8RUvSIWrmzpw6zZZh1l+ki2OVRMXkQ=,iv:nL/zD6em63OFMPKC92/Qf0KON9xgdmLbOeMnSYcwl2Q=,tag:wOiKFGTqlq0MVTSqhi9cJg==,type:comment]
client_secret: ENC[AES256_GCM,data:fK313g==,iv:GgrKMOFQ1IpX7aqkSxSgk5XHAdROnlMdP0g7WpGbXzo=,tag:RVBQ/VbVLlEuYFkqZ2AGKw==,type:str]
mapper_url: ENC[AES256_GCM,data:Nm47XOZvfOxWNBPzmIrjgQgCNsNAsRW8Z4XD0DnHufIS9Z4teYW5eP3qNOwZ,iv:KlndvyqANBSwcZzldffaplBFzBKmxBKWKZjS9m1pAiM=,tag:nwr1l7tALZ7a8P1MuDb2Xw==,type:str]
scope:
- ENC[AES256_GCM,data:fjVFD7yMyK8A,iv:GI8f7uC/J258eZdiNA7xxzjyv9tgRJA5VB7kMuy5OMU=,tag:uXvRdbj2ly/Ly0uZd4qmAA==,type:str]
- ENC[AES256_GCM,data:M3D/piyH,iv:NaJqnudevHh8flxtDsrkfGtXRTqE4eFid0MBFUMt6Qk=,tag:dxeYn+UgktNvVe0bVICqjA==,type:str]
- ENC[AES256_GCM,data:oRV8VuFBpw==,iv:h44JIYR26oze95W6EHSP/Cb7fDYYvNW6/yb83lAbHas=,tag:9qqiLy5YGU8QzvRbU237MQ==,type:str]
- ENC[AES256_GCM,data:S9IT++E=,iv:K1WpyaZUVFaZEN0pfPDTpFc/CQepJnhgrW17g035MHI=,tag:NI2GPSET/18EuSEBXEk7Tg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-02-22T11:38:59Z"
mac: ENC[AES256_GCM,data:ShRiHKwRxKJU1cGM0poRjVZJZr63MROL6NCYUqLyCfVOw3jvS/ya5B+MGIEuXTx6PJoIlAat3rAzm6lXFaUCIZfnm3Cw4Re1XmF1pTqLGOMabn19ZD/seXFPZldWRzWQGuV7YAQUw83lpobGeDEIt9RXm9GMDHQgLLQXX5+AUt8=,iv:vqH8+Bivh9d2EPRxXLKVhDluBDVd05AAU7L6Lj5Y+iE=,tag:lXpuuLkN9WdOPp6tTkgyNw==,type:str]
pgp:
- created_at: "2023-02-22T11:35:24Z"
enc: |
-----BEGIN PGP MESSAGE-----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=cJn2
-----END PGP MESSAGE-----
fp: C92AE33AF20998F8CA09E819A842078E859DE4F1
unencrypted_suffix: _unencrypted
version: 3.7.3
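Review bot: The second `providers` entry looks like it still carries placeholder credentials: the ciphertext for its `client_id` and `client_secret` is four bytes long, the same length as the `....` placeholder that this commit removes from kratos.values.yaml, and SOPS ciphertext keeps the plaintext length. If that reading is right, the GitLab provider would be enabled with unusable credentials, so I would drop that entry until real values exist, which also matches the commit title (GitHub only). Separately, every value is encrypted, including non-secret ones such as `id`, `provider`, `scope` and `mapper_url`, so a reviewer cannot see what provider configuration is being deployed. A `.sops.yaml` creation rule with `encrypted_regex: '^(client_id|client_secret)$'` would keep the secrets encrypted and leave the rest readable in diffs.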
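--- a/ops/argocd/infrastructure/auth/application.yaml
+++ b/ops/argocd/infrastructure/auth/application.yaml
@@ -19,6 +19,12 @@ spec:
 releaseName: auth
 valueFiles:
 - kratos.values.yaml
+
+# ### Method 2: Fetch the gpg/age key from kubernetes secret
+# secrets+gpg-import-kubernetes://<namespace>/<secret-name>#<key-name>.asc?<relative/path/to/the/encrypted/secrets.yaml>
+# secrets+age-import-kubernetes://<namespace>/<secret-name>#<key-name>.txt?<relative/path/to/the/encrypted/secrets.yaml>
+# Example Method 2: (Assumptions: namespace=argocd, secret-name=sops-gpg, key-name=app, secret.yaml is in the root folder)
+- secrets+gpg-import-kubernetes://argocd/sops-gpg#sops.asc?secret.sops.yaml
 syncPolicy:
 automated:
 prune: true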
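Review bot: The comment block added above the new `valueFiles` entry reads as pasted from the helm-secrets documentation and does not describe this deployment: it states `key-name=app` and a root-folder `secret.yaml`, while the entry itself uses `sops.asc` and `secret.sops.yaml`. I would replace the four comment lines with one that names the real dependency, for example `# decrypted by helm-secrets; requires Secret argocd/sops-gpg, key sops.asc (private key for the fp listed in secret.sops.yaml)`. That Secret holds the key that decrypts the OIDC client secrets, so read access to it in the `argocd` namespace should be limited to the component that renders the chart; the RBAC for that is not visible here. The `helm:` block and the Application's `source` path start outside the hunk, so whether the relative path `secret.sops.yaml` resolves next to `kratos.values.yaml` cannot be confirmed from this view.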
