Version: 1.8.0

Managing the secrets in the values.yaml
GDATASoftwareAG · Jun 25, 2024 · 76e5e3d · 76e5e3d
1 parent 243f079
commit 76e5e3d
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -304,4 +304,37 @@ gdscan:
       k8sApiPort: 6443
 ```
 
+## Managing the secrets in the values.yaml
+
+By default all secrets are generated by the helm chart. If you want to manage them yourself or you are using ArgoCD, you can
+specify the secrets in the values.yaml.
+
+| Parameter                                     | Description                                                                                                                                                                    | Value  |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ |
+| mini-identity-provider.auth.existingSecret    | Use existing secret for auth details (auth.secret will be ignored and picked up from this secret). The secret has to contain the keys id and secret                            | ""     |
+| mini-identity-provider.auth.secret            | The client secret                                                                                                                                                              | ""     |
+| mini-identity-provider.auth.id                | The Client id                                                                                                                                                                  | "vaas" |
+| mini-identity-provider.signing.existingSecret | Use existing secret for signing details (signing.cert and signing.key will be ignored and picked up from this secret). The secret has to contain the keys tls.cert and tls.key | ""     |
+| mini-identity-provider.signing.crt            | The signing/encryption certificate in PEM format                                                                                                                               | ""     |
+| mini-identity-provider.signing.key            | The signing/encryption private key in PEM format                                                                                                                               | ""     |
+
+Provide your own secret:
+
+* mini-identity-provider.auth.existingSecret   
+* mini-identity-provider.signing.existingSecret
+
+Specify secret in the values.yaml:
+
+* mini-identity-provider.auth.secret           
+* mini-identity-provider.auth.id               
+* mini-identity-provider.signing.crt           
+* mini-identity-provider.signing.key
+
+You can generate the certificate and private key with
+
+```bash
+openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
+openssl req -new -x509 -key private_key.pem -out certificate.pem -days 3650 -subj "/CN=Mini Identity Provider Server Signing Certificate"
+```
+
 <!-- end::ProductionEnviroment[] -->
diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 1.7.2
+version: 1.8.0
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
   - name: G DATA CyberDefense AG
@@ -12,6 +12,6 @@ dependencies:
     condition: redis.enabled
     repository: oci://registry-1.docker.io/bitnamicharts
   - name: mini-identity-provider
-    version: 0.3.0
+    version: 0.4.0
     condition: mini-identity-provider.enabled
     repository: oci://ghcr.io/gdatasoftwareag