907d214b5c
- Switch X_AUTHELIA_CONFIG_FILTERS from template to expand-env so ${VAR}
syntax in config files is actually substituted
- Add missing env var pass-throughs for OIDC HMAC secret and client secrets
- Update git config client_secret fields to use ${VAR} syntax (matching host)
- Update .env.example to document all required Portainer env vars
19 lines
754 B
Bash
# Authelia secrets — set all of these in Portainer stack environment variables
# Generate random values with: openssl rand -hex 32

# Core secrets
AUTHELIA_JWT_SECRET=
AUTHELIA_SESSION_SECRET=
AUTHELIA_STORAGE_ENCRYPTION_KEY=

# OIDC HMAC secret (signs OIDC tokens)
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=

# OIDC client secrets — store as bcrypt hashes here, plaintext in each client app
# Generate hash: docker run --rm authelia/authelia:4.38 authelia crypto hash generate bcrypt --password <plaintext>
AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI=
AUTHELIA_OIDC_CLIENT_SECRET_LINKDING=

# Note: the OIDC JWK private key is managed directly in /srv/authelia/config/configuration.yml
# (never committed to git). See the inline comment in that file.
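Added example, not part of this repository: a pre-deploy check for a filled-in copy of the file above, which flags empty variables and client secrets that were pasted as plaintext instead of a bcrypt digest. The function names are hypothetical, and the 64-hex-character minimum is an assumption derived from the `openssl rand -hex 32` comment.

```shell
#!/bin/sh
# Added example: lint a filled-in copy of the .env file before deploying.
# Assumption: random secrets come from `openssl rand -hex 32` (64 hex chars).

RANDOM_VARS="AUTHELIA_JWT_SECRET AUTHELIA_SESSION_SECRET
AUTHELIA_STORAGE_ENCRYPTION_KEY AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET"
HASH_VARS="AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI AUTHELIA_OIDC_CLIENT_SECRET_LINKDING"

# env_value FILE NAME: print the value of NAME without sourcing FILE, so the
# "$" characters in a bcrypt digest are never expanded by the shell.
# Surrounding single or double quotes are stripped.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^[\"']//" -e "s/[\"']\$//"
}

# check_authelia_env FILE: print one line per problem, return 1 if any.
check_authelia_env() {
    file=$1 bad=0
    for name in $RANDOM_VARS; do
        value=$(env_value "$file" "$name")
        if [ -z "$value" ]; then
            echo "$name: empty or missing"; bad=1
        elif ! printf '%s' "$value" | grep -Eq '^[0-9a-fA-F]{64,}$'; then
            echo "$name: not 64+ hex characters"; bad=1
        fi
    done
    for name in $HASH_VARS; do
        value=$(env_value "$file" "$name")
        if [ -z "$value" ]; then
            echo "$name: empty or missing"; bad=1
        # bcrypt digest: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+hash
        elif ! printf '%s' "$value" |
                grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
            echo "$name: not a bcrypt digest (plaintext secret?)"; bad=1
        fi
    done
    return "$bad"
}
```

Run it as `check_authelia_env path/to/.env`; a non-zero exit status means at least one variable needs attention.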