auto generate encryption key, and use secrets
This commit is contained in:
parent
f8eb726072
commit
5de3967695
|
@ -65,7 +65,10 @@ spec:
|
||||||
- name: ENABLE_ANALYTICS
|
- name: ENABLE_ANALYTICS
|
||||||
value: {{ .Values.globals.enableAnalytics | quote }}
|
value: {{ .Values.globals.enableAnalytics | quote }}
|
||||||
- name: API_ENCRYPTION_KEY
|
- name: API_ENCRYPTION_KEY
|
||||||
value: {{ .Values.globals.apiEncryptionKey | quote }}
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ template "budibase.fullname" . }}
|
||||||
|
key: apiEncryptionKey
|
||||||
- name: HTTP_LOGGING
|
- name: HTTP_LOGGING
|
||||||
value: {{ .Values.services.apps.httpLogging | quote }}
|
value: {{ .Values.services.apps.httpLogging | quote }}
|
||||||
- name: INTERNAL_API_KEY
|
- name: INTERNAL_API_KEY
|
||||||
|
@ -161,7 +164,10 @@ spec:
|
||||||
- name: TENANT_FEATURE_FLAGS
|
- name: TENANT_FEATURE_FLAGS
|
||||||
value: {{ .Values.globals.tenantFeatureFlags | quote }}
|
value: {{ .Values.globals.tenantFeatureFlags | quote }}
|
||||||
- name: ENCRYPTION_KEY
|
- name: ENCRYPTION_KEY
|
||||||
value: {{ .Values.globals.bbEncryptionKey | quote }}
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ template "budibase.fullname" . }}
|
||||||
|
key: bbEncryptionKey
|
||||||
{{ if .Values.globals.bbAdminUserEmail }}
|
{{ if .Values.globals.bbAdminUserEmail }}
|
||||||
- name: BB_ADMIN_USER_EMAIL
|
- name: BB_ADMIN_USER_EMAIL
|
||||||
value: {{ .Values.globals.bbAdminUserEmail | quote }}
|
value: {{ .Values.globals.bbAdminUserEmail | quote }}
|
||||||
|
|
|
@ -58,7 +58,10 @@ spec:
|
||||||
- name: ENABLE_ANALYTICS
|
- name: ENABLE_ANALYTICS
|
||||||
value: {{ .Values.globals.enableAnalytics | quote }}
|
value: {{ .Values.globals.enableAnalytics | quote }}
|
||||||
- name: API_ENCRYPTION_KEY
|
- name: API_ENCRYPTION_KEY
|
||||||
value: {{ .Values.globals.apiEncryptionKey | quote }}
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ template "budibase.fullname" . }}
|
||||||
|
key: apiEncryptionKey
|
||||||
- name: HTTP_LOGGING
|
- name: HTTP_LOGGING
|
||||||
value: {{ .Values.services.automationWorkers.httpLogging | quote }}
|
value: {{ .Values.services.automationWorkers.httpLogging | quote }}
|
||||||
- name: INTERNAL_API_KEY
|
- name: INTERNAL_API_KEY
|
||||||
|
@ -154,7 +157,10 @@ spec:
|
||||||
- name: TENANT_FEATURE_FLAGS
|
- name: TENANT_FEATURE_FLAGS
|
||||||
value: {{ .Values.globals.tenantFeatureFlags | quote }}
|
value: {{ .Values.globals.tenantFeatureFlags | quote }}
|
||||||
- name: ENCRYPTION_KEY
|
- name: ENCRYPTION_KEY
|
||||||
value: {{ .Values.globals.bbEncryptionKey | quote }}
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ template "budibase.fullname" . }}
|
||||||
|
key: bbEncryptionKey
|
||||||
{{ if .Values.globals.bbAdminUserEmail }}
|
{{ if .Values.globals.bbAdminUserEmail }}
|
||||||
- name: BB_ADMIN_USER_EMAIL
|
- name: BB_ADMIN_USER_EMAIL
|
||||||
value: {{ .Values.globals.bbAdminUserEmail | quote }}
|
value: {{ .Values.globals.bbAdminUserEmail | quote }}
|
||||||
|
|
|
@ -16,10 +16,14 @@ data:
|
||||||
jwtSecret: {{ index $existingSecret.data "jwtSecret" }}
|
jwtSecret: {{ index $existingSecret.data "jwtSecret" }}
|
||||||
objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }}
|
objectStoreAccess: {{ index $existingSecret.data "objectStoreAccess" }}
|
||||||
objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }}
|
objectStoreSecret: {{ index $existingSecret.data "objectStoreSecret" }}
|
||||||
|
bbEncryptionKey: {{ index $existingSecret.data "bbEncryptionKey" }}
|
||||||
|
apiEncryptionKey: {{ index $existingSecret.data "apiEncryptionKey" }}
|
||||||
{{- else }}
|
{{- else }}
|
||||||
internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }}
|
internalApiKey: {{ template "budibase.defaultsecret" .Values.globals.internalApiKey }}
|
||||||
jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }}
|
jwtSecret: {{ template "budibase.defaultsecret" .Values.globals.jwtSecret }}
|
||||||
objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }}
|
objectStoreAccess: {{ template "budibase.defaultsecret" .Values.services.objectStore.accessKey }}
|
||||||
objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }}
|
objectStoreSecret: {{ template "budibase.defaultsecret" .Values.services.objectStore.secretKey }}
|
||||||
|
bbEncryptionKey: {{ template "budibase.defaultsecret" "" }}
|
||||||
|
apiEncryptionKey: {{ template "budibase.defaultsecret" "" }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
@ -65,7 +65,10 @@ spec:
|
||||||
{{ end }}
|
{{ end }}
|
||||||
{{ end }}
|
{{ end }}
|
||||||
- name: API_ENCRYPTION_KEY
|
- name: API_ENCRYPTION_KEY
|
||||||
value: {{ .Values.globals.apiEncryptionKey | quote }}
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ template "budibase.fullname" . }}
|
||||||
|
key: apiEncryptionKey
|
||||||
- name: HTTP_LOGGING
|
- name: HTTP_LOGGING
|
||||||
value: {{ .Values.services.worker.httpLogging | quote }}
|
value: {{ .Values.services.worker.httpLogging | quote }}
|
||||||
- name: INTERNAL_API_KEY
|
- name: INTERNAL_API_KEY
|
||||||
|
@ -167,7 +170,10 @@ spec:
|
||||||
- name: TENANT_FEATURE_FLAGS
|
- name: TENANT_FEATURE_FLAGS
|
||||||
value: {{ .Values.globals.tenantFeatureFlags | quote }}
|
value: {{ .Values.globals.tenantFeatureFlags | quote }}
|
||||||
- name: ENCRYPTION_KEY
|
- name: ENCRYPTION_KEY
|
||||||
value: {{ .Values.globals.bbEncryptionKey | quote }}
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: {{ template "budibase.fullname" . }}
|
||||||
|
key: bbEncryptionKey
|
||||||
{{ if .Values.globals.datadogApmEnabled }}
|
{{ if .Values.globals.datadogApmEnabled }}
|
||||||
- name: DD_LOGS_INJECTION
|
- name: DD_LOGS_INJECTION
|
||||||
value: {{ .Values.globals.datadogApmEnabled | quote }}
|
value: {{ .Values.globals.datadogApmEnabled | quote }}
|
||||||
|
|
Loading…
Reference in New Issue