builtin-user-mgmt-secrets.yaml

Chart Version: 0.0.0

---
apiVersion: v1
kind: Secret
metadata:
  name: ldap-bind-secrets
type: Opaque
# Holds three LDAP bind passwords, one per key (reva-, idp- and graph- prefixed).
# Values under `data` must be base64-encoded; the XXXXXXXXXXXXX entries are placeholders
# that have to be replaced before this manifest is applied.
# Base64 is an encoding, not encryption: keep the filled-in file out of version control
# and restrict who can read this Secret in the cluster.
#
# NOTE(review): in the example command below, `fold -w 50 | head -n 1` emits a trailing
# newline, and `base64` encodes it as part of the value. If the password has to be exactly
# the 50 generated characters, insert `tr -d '\n'` before `base64`.
data:
  # how to generate: base64-encode a random string (reasonably long, mixed characters)
  # run the command once per key so that each bind account gets its own password
  # example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
  reva-ldap-bind-password: XXXXXXXXXXXXX

  # how to generate: base64-encode a random string (reasonably long, mixed characters)
  # example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
  idp-ldap-bind-password: XXXXXXXXXXXXX

  # how to generate: base64-encode a random string (reasonably long, mixed characters)
  # example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
  graph-ldap-bind-password: XXXXXXXXXXXXX

---
apiVersion: v1
kind: Secret
metadata:
  name: ldap-ca
type: Opaque
# Holds only the CA certificate (the public part) under the key `ldap-ca.crt`.
# The CA private key produced by the example (ldap-ca.key) is not stored in this Secret:
# keep it outside the cluster with restricted access, because anyone holding it can issue
# certificates that clients trusting this CA will accept. It is needed again whenever the
# LDAP server certificate is signed or re-issued.
data:
  # how to generate: base64-encode the PEM-encoded certificate of a (self-signed) x509 certificate authority
  # example generation commands:
  #  - `openssl genrsa -out ldap-ca.key 4096`
  #  - `openssl req -new -x509 -days 3650 -key ldap-ca.key -out ldap-ca.crt`
  #  - `cat ldap-ca.crt | base64 | tr -d '\n' && echo`
  # notes on the example:
  #  - `openssl genrsa` without a cipher option writes the 4096-bit RSA key unencrypted to disk
  #  - `-days 3650` makes the CA certificate valid for 3650 days
  #  - `tr -d '\n'` removes the line wrapping base64 may add, so the value fits on one line
  ldap-ca.crt: XXXXXXXXXXXXX

---
apiVersion: v1
kind: Secret
metadata:
  name: ldap-cert
type: Opaque
# LDAP server key pair: the private key under `ldap.key`, its certificate under `ldap.crt`.
# Both values must be base64-encoded; the XXXXXXXXXXXXX entries are placeholders.
data:
  # how to generate: base64-encode the private key file (PEM, as written by the example command)
  # the example creates a 4096-bit RSA key; if you prefer another algorithm (e.g. ed25519, whose
  # key size is fixed), generate the key with the matching openssl command instead
  # example generation commands:
  #  - `openssl genrsa -out ldap.key 4096`
  #  - `cat ldap.key | base64 | tr -d '\n' && echo`
  # the key file is written unencrypted: restrict its permissions and remove local copies
  # once the Secret has been created
  ldap.key: XXXXXXXXXXXXX

  # how to generate: base64-encode an x509 certificate that is signed by the CA from the
  # `ldap-ca` example (ldap-ca.crt / ldap-ca.key) and issued for the private key above
  # example generation commands:
  #  - `openssl req -new -subj "/CN=idm" -key ldap.key -out ldap.csr`
  #  - `openssl x509 -req -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:idm")) -days 365 -in ldap.csr -CA ldap-ca.crt -CAkey ldap-ca.key -out ldap.crt -CAcreateserial`
  #  - `cat ldap.crt | base64 | tr -d '\n' && echo`
  # notes on the example:
  #  - CN and subjectAltName are both set to `idm`; presumably this has to match the host name
  #    clients use to reach the LDAP server -- TODO confirm and adjust for your deployment
  #  - `-days 365` makes the certificate valid for 365 days: plan to re-issue it before it expires
  #  - the `<( ... )` process substitution needs bash or a compatible shell, and the location of
  #    openssl.cnf may differ on your system
  ldap.crt: XXXXXXXXXXXXX