From 738acb5d332fe346c0b434e93541eaa25efac029 Mon Sep 17 00:00:00 2001
From: James Pace <jpace121@gmail.com>
Date: Sun, 29 Jan 2023 17:26:08 -0500
Subject: [PATCH] Don't leak cookie secret.

---
 deployments/kanboard-deployment.yaml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/deployments/kanboard-deployment.yaml b/deployments/kanboard-deployment.yaml
index 1ce7b0a..a1884ee 100644
--- a/deployments/kanboard-deployment.yaml
+++ b/deployments/kanboard-deployment.yaml
@@ -31,7 +31,7 @@ spec:
       - name: oauth-proxy
         image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
         args:
-        - --cookie-secret=RWqAKjoAp1-kDc2QRtITP8xx6WsXQzDGl33ExDh8mcs=
+        - --cookie-secret=`$COOKIE_SECRET`
         - --cookie-secure=false
         - --email-domain=*
         - --provider=keycloak-oidc
@@ -44,6 +44,12 @@ spec:
         - --http-address=0.0.0.0:8080
         ports:
         - containerPort: 8080
+        env:
+        - name: COOKIE_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: kanboard-cookie
+              key: cookie-secret
       - name: kanboard-app
         image: 192.168.1.128:8443/kanboard:latest
         ports: