builtin-user-mgmt-secrets.yaml

Chart Version: latest

---
apiVersion: v1
kind: Secret
metadata:
  name: ldap-bind-secrets # default for secretRefs.ldapSecretRef
type: Opaque
data:
  # how to generate: base64 encode a random string (reasonable long and mixed characters)
  # example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
  reva-ldap-bind-password: XXXXXXXXXXXXX

  # how to generate: base64 encode a random string (reasonable long and mixed characters)
  # example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
  idp-ldap-bind-password: XXXXXXXXXXXXX

  # how to generate: base64 encode a random string (reasonable long and mixed characters)
  # example generation command: `tr -cd '[:alnum:],.' < /dev/urandom | fold -w 50 | head -n 1 | base64`
  graph-ldap-bind-password: XXXXXXXXXXXXX

---
apiVersion: v1
kind: Secret
metadata:
  name: ldap-ca # default for secretRefs.ldapCaRef
type: Opaque
data:
  # how to generate: base64 encode the pem-encoded certificate of a (self-signed) x509 certificate authority
  # example generation commands:
  #  - `openssl genrsa -out ldap-ca.key 4096`
  #  - `openssl req -new -x509 -days 3650 -key ldap-ca.key -out ldap-ca.crt`
  #  - `cat ldap-ca.crt | base64 | tr -d '\n' && echo`
  ldap-ca.crt: XXXXXXXXXXXXX

---
apiVersion: v1
kind: Secret
metadata:
  name: ldap-cert # default for secretRefs.ldapCertRef
type: Opaque
data:
  # how to generate: base64 encode a private key (eg. ed25519, ensure that you use reasonable long key size)
  # example generation commands:
  #  - `openssl genrsa -out ldap.key 4096`
  #  - `cat ldap.key | base64 | tr -d '\n' && echo`
  ldap.key: XXXXXXXXXXXXX

  # how to generate: base64 encode a x509 certificate signed by the above CA, using the above private key.
  # example generation commands:
  #  - `openssl req -new -subj "/CN=idm" -key ldap.key -out ldap.csr`
  #  - `openssl x509 -req -extensions SAN -extfile <(cat /etc/ssl/openssl.cnf <(printf "\n[SAN]\nsubjectAltName=DNS:idm")) -days 365 -in ldap.csr -CA ldap-ca.crt -CAkey ldap-ca.key -out ldap.crt -CAcreateserial`
  #  - `cat ldap.crt | base64 | tr -d '\n' && echo`
  ldap.crt: XXXXXXXXXXXXX

---
apiVersion: v1
kind: Secret
metadata:
  name: admin-user # default for secreRefs.adminUserSecretRef
type: Opaque
data:
  # how to generate: base64 encode a UUID V4
  # example generation command: `cat /proc/sys/kernel/random/uuid | tr -d '\n' | base64`
  user-id: XXXXXXXXXXXXX

  # how to generate: base64 encode a random string (reasonable long and mixed characters)
  # example generation command: `tr -cd '[a-zA-Z0-9],.' < /dev/urandom | fold -w 50 | head -n 1 | tr -d '\n' | base64`
  password: XXXXXXXXXXXXX

---
apiVersion: v1
kind: Secret
metadata:
  name: idp-secrets # default for secretRefs.idpSecretRef
type: Opaque
data:
  # how to generate: base64 encode a random 32 byte string (mixed characters)
  # example generation command: `openssl rand 32 | base64`
  encryption.key: XXXXXXXXXXXXX

  # how to generate: base64 encode a private key (eg. RSA, ensure that you use reasonable long key size)
  # example generation command: `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 2> /dev/null | base64 | tr -d '\n'`
  private-key.pem: XXXXXXXXXXXXX