make oidc_client_secret config optional

.env.sample

@@ -16,7 +16,6 @@ SECRET_DB_PASSWORD_VERSION=v1
 SECRET_SECRET_KEY_VERSION=v1  # length=64
 SECRET_UTILS_SECRET_VERSION=v1  # length=64
 SECRET_AWS_SECRET_KEY_VERSION=v1
-SECRET_OIDC_CLIENT_SECRET_VERSION=v1
 
 AWS_ACCESS_KEY_ID=
 AWS_REGION=
@@ -26,14 +25,6 @@ AWS_S3_UPLOAD_MAX_SIZE=26214400
 AWS_S3_FORCE_PATH_STYLE=true
 AWS_S3_ACL=private
 
-OIDC_CLIENT_ID=
-OIDC_AUTH_URI=
-OIDC_TOKEN_URI=
-OIDC_USERINFO_URI=
-OIDC_USERNAME_CLAIM=preferred_username
-OIDC_DISPLAY_NAME="My Cool OpenId Connect Provider"
-OIDC_SCOPES="openid profile email"
-
 # –––––––––––––––– OPTIONAL ––––––––––––––––
 
 TEAM_LOGO=
@@ -76,3 +67,13 @@ ALLOWED_DOMAINS=
 #SMTP_REPLY_EMAIL=
 #SMTP_TLS_CIPHERS=
 #SMTP_SECURE=true
+
+#OIDC_ENABLED=1
+#OIDC_CLIENT_ID=
+#OIDC_AUTH_URI=
+#OIDC_TOKEN_URI=
+#OIDC_USERINFO_URI=
+#OIDC_USERNAME_CLAIM=preferred_username
+#OIDC_DISPLAY_NAME="My Cool OpenId Connect Provider"
+#OIDC_SCOPES="openid profile email"
+#SECRET_OIDC_CLIENT_SECRET_VERSION=v1

compose.oidc.yml

@@ -0,0 +1,22 @@
+---
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - oidc_client_secret
+    environment:
+      - OIDC_ENABLED
+      - OIDC_AUTH_URI
+      - OIDC_CLIENT_ID
+      - OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
+      - OIDC_DISPLAY_NAME
+      - OIDC_SCOPES
+      - OIDC_TOKEN_URI
+      - OIDC_USERINFO_URI
+      - OIDC_USERNAME_CLAIM
+
+secrets:
+  oidc_client_secret:
+    name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
+    external: true

compose.yml

@@ -10,7 +10,6 @@ services:
     secrets:
       - aws_secret_key
       - db_password
-      - oidc_client_secret
       - secret_key
       - utils_secret
     configs:
@@ -29,15 +28,7 @@ services:
       - AWS_SECRET_KEY_FILE=/run/secrets/aws_secret_key
       - DATABASE_PASSWORD_FILE=/run/secrets/db_password
       - FORCE_HTTPS=true
-      - OIDC_AUTH_URI
-      - OIDC_CLIENT_ID
-      - OIDC_CLIENT_SECRET_FILE=/run/secrets/oidc_client_secret
-      - OIDC_DISPLAY_NAME
-      - OIDC_SCOPES
-      - OIDC_TOKEN_URI
-      - OIDC_USERINFO_URI
-      - OIDC_USERNAME_CLAIM
-      - PGSSLMODE=disable  
+      - PGSSLMODE=disable
       - REDIS_URL=redis://${STACK_NAME}_redis:6379
       - SECRET_KEY_FILE=/run/secrets/secret_key
       - STACK_NAME
@@ -86,9 +77,6 @@ secrets:
   aws_secret_key:
     name: ${STACK_NAME}_aws_secret_key_${SECRET_AWS_SECRET_KEY_VERSION}
     external: true
-  oidc_client_secret:
-    name: ${STACK_NAME}_oidc_client_secret_${SECRET_OIDC_CLIENT_SECRET_VERSION}
-    external: true
   db_password:
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
     external: true

entrypoint.sh.tmpl

@@ -1,7 +1,10 @@
 #!/bin/sh
 
 export AWS_SECRET_ACCESS_KEY=$(cat /run/secrets/aws_secret_key)
+{{ if eq (env "OIDC_ENABLED") "1" }}
 export OIDC_CLIENT_SECRET=$(cat /run/secrets/oidc_client_secret)
+{{ end }}
+
 export UTILS_SECRET=$(cat /run/secrets/utils_secret)
 export SECRET_KEY=$(cat /run/secrets/secret_key)
 export DATABASE_PASSWORD=$(cat /run/secrets/db_password)