pomerium/pomerium-helm

SIGNING_KEY should be used

anhdle14 opened this issue · 0 comments

What happened?

Tried to centralize all secrets for config in one place, and found out that signing-key is set up in Helm and not SIGNING_KEY.

The important lines of the Helm values are:

# values.yaml
config:
  existingSigningKeySecret: pomerium-secrets

# pomerium-secrets k8s file
---
kind: Secret
stringData:
  ...
  SIGNING_KEY: ---REDACTED---
  ...

Because Helm expects the key to be signing-key.

What did you expect to happen?

Use SIGNING_KEY as the key and Helm should accept it.

Steps to reproduce

  1. Create the pomerium-secret
  2. Apply values.yaml
  3. Error in the logs: the existing secret does not have a signing-key secret key.

What's your environment like?

  • Chart version: irrelevant
  • Container image: irrelevant
  • Kubernetes version: irrelevant
  • Cloud provider: irrelevant
  • Other details: irrelevant

What are your chart values?

...
config:
  existingSigningKeySecret: pomerium-secrets
...

What are the contents of your config secret?

kubectl get secret pomerium -o=jsonpath="{.data['config\.yaml']}" | base64 -D

# irrelevant

What did you see in the logs?

# forgot to record the full logs, but it should basically say that the existing secret does not have a key named signing-key.

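A pre-deploy check for the mismatch reported above, added here as an example (it is not code from the issue author or the pomerium-helm chart). It assumes the chart looks up the key `signing-key`, as the issue states, and reads the JSON printed by `kubectl get secret pomerium-secrets -o json`; the function name `check_secret` and the sample Secret are constructed for illustration.

```python
import base64
import json

# Key name the chart looks up in existingSigningKeySecret, per the issue above.
EXPECTED_KEY = "signing-key"


def _normalize(name):
    """Fold case and treat '_' and '-' as equivalent for near-miss matching."""
    return name.lower().replace("_", "-")


def check_secret(secret_json, expected_key=EXPECTED_KEY):
    """Return (status, detail) for a Secret printed by `kubectl get secret -o json`.

    status is "ok", "empty", "misnamed" or "missing".
    Only key names are reported; secret values are never returned.
    """
    secret = json.loads(secret_json)
    if secret.get("kind") != "Secret":
        raise ValueError("not a Secret object")
    data = secret.get("data") or {}
    if expected_key in data:
        value = base64.b64decode(data[expected_key])
        if not value.strip():
            return "empty", expected_key
        return "ok", expected_key
    # Same name under a different naming convention, e.g. SIGNING_KEY.
    near = sorted(k for k in data if _normalize(k) == _normalize(expected_key))
    if near:
        return "misnamed", near[0]
    return "missing", None


# Constructed sample mirroring the issue: the key is stored as SIGNING_KEY.
SAMPLE = json.dumps({
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "pomerium-secrets"},
    "data": {"SIGNING_KEY": base64.b64encode(b"constructed-placeholder").decode()},
})

if __name__ == "__main__":
    status, detail = check_secret(SAMPLE)
    print(f"{status}: {detail}")
```

A "misnamed" result means the Secret holds the value under a differently spelled key, which is the situation described in this issue.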