@bgdn-r bgdn-r commented Feb 20, 2025

Summary

Allow usage of an existing secret that contains the pre-shared keys.

Description

Extending the Helm chart with the option to read the pre-shared keys from a Kubernetes secret.
The secret is expected to have the presharedKeys key which will contain the keys themselves.
The functionality is the same as for datastore.uriSecret.

References

#175
#188

@bgdn-r bgdn-r requested review from a team as code owners February 20, 2025 16:29
@bgdn-r bgdn-r force-pushed the feat/preshared-keys-secret branch from 9c17045 to 4b2289a Compare February 24, 2025 08:36
"string",
"null"
],
"description": "the secret name where to get the preshared keys, it expects a key named 'presharedKeys' to exist in the secret containing a comma-separated list of keys"
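
Review bot: the description for this property does not say what happens when both it and the inline preshared keys value are set. State which source takes precedence, or that setting both is rejected, and mention that the secret has to exist in the release namespace, since it is read through a secretKeyRef.
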
Contributor

I would clarify in the description that if authn.method=preshared we need either this or the other property. It would be good to update the description of preshared.keys as well to reflect that there are two ways to pass them with this change.

valueFrom:
secretKeyRef:
name: "{{ .Values.authn.preshared.keysSecret }}"
key: "presharedKeys"
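
Review bot: name is rendered straight from .Values.authn.preshared.keysSecret, and nothing in the visible lines guards against that value being null or empty (the schema allows null), which would produce a secretKeyRef with an empty name. Wrap this entry in an if on keysSecret, or use Helm's required function so the render fails with a clear message. Leaving optional unset on the secretKeyRef is the right default here, since the pod then fails to start when the secret or key is missing rather than running without keys.
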
Contributor

To be consistent, I would name the key in the secret `keys`, since the secret's purpose is already to pass preshared keys. What do you think?
