feat(secrets): use docker secrets and make them rotateable

2022-11-17 19:34:20 +01:00
parent 3be4b1356a
commit ed8b1371e4
4 changed files with 87 additions and 45 deletions
--- a/.env.sample
+++ b/.env.sample
@ -2,25 +2,17 @@ TYPE=authentik
 LETS_ENCRYPT_ENV=production

 DOMAIN={{ .Domain }}
-POSTGRES_PASSWORD=secret
-AUTHENTIK_POSTGRESQL__PASSWORD=secret
-POSTGRES_USER=authentik
 AUTHENTIK_POSTGRESQL__USER=authentik
-POSTGRES_DB=authentik
 AUTHENTIK_POSTGRESQL__NAME=authentik
 AUTHENTIK_POSTGRESQL__HOST=db
 AUTHENTIK_REDIS__HOST=redis
 AUTHENTIK_ERROR_REPORTING__ENABLED=true
 # WORKERS=1
-AUTHENTIK_SECRET_KEY=secret
-AK_ADMIN_TOKEN=secret
-AK_ADMIN_PASS=secret

 # EMAIL
 AUTHENTIK_EMAIL__HOST=smtp
 AUTHENTIK_EMAIL__PORT=25
 # AUTHENTIK_EMAIL__USERNAME=""
-# AUTHENTIK_EMAIL__PASSWORD=""
 AUTHENTIK_EMAIL__USE_TLS=false
 AUTHENTIK_EMAIL__USE_SSL=false
 AUTHENTIK_EMAIL__TIMEOUT=10
@ -28,9 +20,11 @@ AUTHENTIK_EMAIL__FROM=noreply@example.com
 AUTHENTIK_LOG_LEVEL=info

 # Secret Versions
-# SECRET_SECRET_KEY_VERSION=v1
-# SECRET_ADMIN_TOKEN_VERSION=v1
-# SECRET_ADMIN_PASS_VERSION=v1
+SECRET_SECRET_KEY_VERSION=v1
+SECRET_DB_PASSWORD_VERSION=V1
+SECRET_ADMIN_TOKEN_VERSION=v1
+SECRET_ADMIN_PASS_VERSION=v1
+SECRET_EMAIL_PASS_VERSION=v1

 # X_FRAME_OPTIONS_ALLOW_FROM=dashboard.example.org
 AUTHENTIK_COLOR_BACKGROUND_LIGHT=#1c1e21