feat(authn): add support for fetching preshared keys from secrets #212
Previously, preshared keys were only configurable directly through values.yaml; this change adds the ability to fetch preshared keys from Kubernetes secrets instead. The new keysSecret field in the authn.preshared configuration allows specifying a secret name that contains the keys.
Added a test case to verify that the new keysSecret feature works correctly. The test validates that:
- Kubernetes secrets can be properly created
- Secret values can be mounted as environment variables
- The authentication configuration can read from secrets
This test ensures the security enhancement works as expected in a Kubernetes environment.
Changed the environment variable name from OPENFGA_AUTHN_PRESHARED_KEYS_SECRET to OPENFGA_AUTHN_PRESHARED_KEYS in the deployment configuration to address PR comments.
Thank you for contributing, can you sign the CLA? It is required for the first time.
Any news?
@whoisxx @galibozek Sorry for the delay, EasyCLA has been signed.
@sherv-cohere can we merge? :)
Sorry, let me merge it. I think it looks good 👍
@jeremy-albuixech I don't think this is working correctly. When I attempt to use this exact structure with the preshared keys being fed through a secret I get: At the pod level, the field
@jeremy-albuixech Is this perhaps not released yet and that's why I'm not able to use the feature?
Ah yes, likely, let me see if we can make a new release.
@jeremy-albuixech Are you able to make a release today? 🙂
Description
This PR adds a new security enhancement to the Helm chart that allows fetching preshared authentication keys from Kubernetes secrets instead of storing them directly in values.yaml.
Key changes:
- keysSecret field to authn.preshared configuration in values.schema.json
- keys field
This change follows the same pattern as datastore.uriSecret.
References
#175
#188