feat(secrets): use docker secrets and make them rotateable #2

Merged
moritz merged 3 commits from secrets into main 2022-11-23 11:12:42 +00:00
Member

Solving #1

During the initialization the variables [`AK_ADMIN_PASS`](https://github.com/goauthentik/authentik/blob/ab021b4b7e59db3ffe52ecd9e450a331e7103005/authentik/core/migrations/0002_auto_20200523_1133_squashed_0011_provider_name_temp.py#L27) and [`AK_ADMIN_TOKEN`](https://github.com/goauthentik/authentik/blob/ab021b4b7e59db3ffe52ecd9e450a331e7103005/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py#L51) are passed directly instead of parsing the `file://` format.
Therefore, I added the `abra.sh` command `set_admin_pass`, that changes the akadmin password and token from the secrets. This can also be used for secret rotation.
Further I added the `rotate_db_pass` command to rotate the postgres password.
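The `file://` convention the description refers to, as an added example that is not code from the coop-cloud recipe or from authentik: a POSIX sh helper that resolves a variable holding either a literal value or a `file://<path>` reference to a mounted Docker secret, refusing missing or empty secret files and dropping the trailing newline that `echo`-created secrets carry. The variable names and sample secret paths are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the coop-cloud/authentik recipe or of authentik.
# A configuration variable may be a literal value or a "file://<path>"
# reference to a Docker secret (normally mounted under /run/secrets).

# resolve_secret VALUE -> prints the resolved secret; returns 1 on error.
resolve_secret() {
    value=$1
    case $value in
        file://*)
            path=${value#file://}
            if [ ! -r "$path" ]; then
                echo "secret file not readable: $path" >&2
                return 1
            fi
            # $(...) strips trailing newlines, so a secret written with
            # `echo` does not end up with "\n" appended to the password.
            secret=$(cat "$path")
            if [ -z "$secret" ]; then
                echo "secret file is empty: $path" >&2
                return 1
            fi
            printf '%s' "$secret"
            ;;
        "")
            echo "empty value" >&2
            return 1
            ;;
        *)
            # Plain literal: pass through unchanged.
            printf '%s' "$value"
            ;;
    esac
}

# Demo with constructed sample secrets in a temp dir standing in for /run/secrets.
demo_dir=$(mktemp -d)
printf 'correct-horse-battery\n' > "$demo_dir/authentik_admin_pass"  # trailing newline on purpose
AK_ADMIN_PASS="file://$demo_dir/authentik_admin_pass"   # secret reference (constructed)
AK_ADMIN_TOKEN="literal-token-value"                     # literal value (constructed)
admin_pass=$(resolve_secret "$AK_ADMIN_PASS") || exit 1
admin_token=$(resolve_secret "$AK_ADMIN_TOKEN") || exit 1
echo "admin_pass length: ${#admin_pass}"   # newline from the file is not counted
echo "admin_token: $admin_token"
rm -rf "$demo_dir"
```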
moritz added 1 commit 2022-11-17 18:50:06 +00:00
decentral1se requested review from knoflook 2022-11-17 18:50:56 +00:00
decentral1se reviewed 2022-11-17 18:54:39 +00:00
decentral1se left a comment
Owner

Amazing! I think you probably wanna bump the recipe version as major on this one and perhaps adding some release notes e.g. https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-write-version-release-notes for how others can migrate towards this new install.
README.md Outdated
@ -23,2 +23,4 @@
* `abra app new authentik --secrets`
* `abra app config <app-name>`
* `abra app secret insert <app_name> email_pass v1 <password>`
* `abra app secret generate -a authentik.dev.local-it.cloud`
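Review bot: the added line `abra app secret generate -a authentik.dev.local-it.cloud` hard-codes one deployment's domain where the neighbouring lines use placeholders; write it as `abra app secret generate -a <domain>`, and consider settling on one spelling of the app-name placeholder (`<app-name>` and `<app_name>` both appear) so the sequence can be copied as-is.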
Owner

`abra app secret generate -a <domain>`
moritz marked this conversation as resolved
moritz added 1 commit 2022-11-17 19:16:38 +00:00
knoflook approved these changes 2022-11-17 21:50:41 +00:00
knoflook left a comment
Owner

LGTM! thanks for this amazing work :)
moritz added 1 commit 2022-11-22 10:14:25 +00:00
Author
Member

> Amazing! I think you probably wanna bump the recipe version as major on this one and perhaps adding some release notes e.g. https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-write-version-release-notes for how others can migrate towards this new install.

Done. I bumped the recipe version and added release notes.
decentral1se approved these changes 2022-11-22 12:45:20 +00:00
Owner

Yeh @moritz, great stuff.

I leave you the honour of clicking the big green button in the sky.

Best get used to it 🙃
moritz merged commit fcb54027d0 into main 2022-11-23 11:12:42 +00:00
moritz deleted branch secrets 2022-11-23 11:12:43 +00:00
Reference: coop-cloud/authentik#2