Fix Authelia OIDC client secrets using template secret files
- Switch from unsupported \${VAR} substitution to {{ secret "..." }} template syntax
- Enable X_AUTHELIA_CONFIG_FILTERS=template in compose
- Client secrets now loaded from /config/secrets/oidc_* files on host
- Use PBKDF2-SHA512 hashes (not bcrypt, not plaintext)
This commit is contained in:
@@ -5,7 +5,11 @@ AUTHELIA_JWT_SECRET=
|
||||
AUTHELIA_SESSION_SECRET=
|
||||
AUTHELIA_STORAGE_ENCRYPTION_KEY=
|
||||
|
||||
# OIDC client secrets — generate with: openssl rand -hex 32
|
||||
# OIDC HMAC secret (top-level key, env var works here)
|
||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=
|
||||
AUTHELIA_OIDC_CLIENT_SECRET_LINKDING=
|
||||
AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI=
|
||||
|
||||
# OIDC client secrets are stored as PBKDF2-SHA512 hashes in secret files on the host:
|
||||
# /srv/authelia/config/secrets/oidc_linkding
|
||||
# /srv/authelia/config/secrets/oidc_open_webui
|
||||
# Generate a hash: docker run --rm authelia/authelia:4.38 authelia crypto hash generate pbkdf2 --variant sha512 --password <secret>
|
||||
# The plaintext goes in the client app (e.g. LINKDING_OIDC_CLIENT_SECRET in linkding stack)
|
||||
|
||||
Reference in New Issue
Block a user