Don't leak cookie secret.

2023-01-29 17:26:08 -05:00 · 2023-01-29 17:26:08 -05:00 · 738acb5d33
parent 3a278ba0c0
commit 738acb5d33
1 changed files with 7 additions and 1 deletions
--- a/deployments/kanboard-deployment.yaml
+++ b/deployments/kanboard-deployment.yaml
@ -31,7 +31,7 @@ spec:
      - name: oauth-proxy
        image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
        args:
-        - --cookie-secret=RWqAKjoAp1-kDc2QRtITP8xx6WsXQzDGl33ExDh8mcs=
+        - --cookie-secret=`$COOKIE_SECRET`
        - --cookie-secure=false
        - --email-domain=*
        - --provider=keycloak-oidc
@ -44,6 +44,12 @@ spec:
        - --http-address=0.0.0.0:8080
        ports:
        - containerPort: 8080
+        env:
+        - name: COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: kanboard-cookie
+              key: cookie-secret
      - name: kanboard-app
        image: 192.168.1.128:8443/kanboard:latest
        ports: