From 76e5e3d255ff4d45a1c7b604ee39e74f44358e5c Mon Sep 17 00:00:00 2001
From: Philip Stadermann
Date: Tue, 25 Jun 2024 15:08:28 +0200
Subject: [PATCH] Version: 1.8.0 Managing the secrets in the values.yaml
---
 README.md | 33 +++++++++++++++++++++++++++++++++
 charts/vaas/Chart.yaml | 4 ++--
 2 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 023d162..204b1ee 100644
--- a/README.md
+++ b/README.md
@@ -304,4 +304,37 @@ gdscan:
 k8sApiPort: 6443
 ```
+## Managing the secrets in the values.yaml
+
+By default all secrets are generated by the helm chart. If you want to manage them yourself or you are using ArgoCD, you can
+specify the secrets in the values.yaml.
+
+| Parameter | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ |
+| mini-identity-provider.auth.existingSecret | Use existing secret for auth details (auth.secret will be ignored and picked up from this secret). The secret has to contain the keys id and secret | "" |
+| mini-identity-provider.auth.secret | The client secret | "" |
+| mini-identity-provider.auth.id | The Client id | "vaas" |
+| mini-identity-provider.signing.existingSecret | Use existing secret for signing details (signing.cert and signing.key will be ignored and picked up from this secret). The secret has to contain the keys tls.cert and tls.key | "" |
+| mini-identity-provider.signing.crt | The signing/encryption certificate in PEM format | "" |
+| mini-identity-provider.signing.key | The signing/encryption private key in PEM format | "" |
+
+Provide your own secret:
+
+* mini-identity-provider.auth.existingSecret
+* mini-identity-provider.signing.existingSecret
+
+Specify secret in the values.yaml:
+
+* mini-identity-provider.auth.secret
+* mini-identity-provider.auth.id
+* mini-identity-provider.signing.crt
+* mini-identity-provider.signing.key
+
+You can generate the certificate and private key with
+
+```bash
+openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
+openssl req -new -x509 -key private_key.pem -out certificate.pem -days 3650 -subj "/CN=Mini Identity Provider Server Signing Certificate"
+```
+
\ No newline at end of file
diff --git a/charts/vaas/Chart.yaml b/charts/vaas/Chart.yaml
index 2db3e41..9376dd2 100644
--- a/charts/vaas/Chart.yaml
+++ b/charts/vaas/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: vaas
-version: 1.7.2
+version: 1.8.0
 description: Deployment of a Verdict-as-a-Service on-premise instance
 maintainers:
 - name: G DATA CyberDefense AG
@@ -12,6 +12,6 @@ dependencies:
 condition: redis.enabled
 repository: oci://registry-1.docker.io/bitnamicharts
 - name: mini-identity-provider
- version: 0.3.0
+ version: 0.4.0
 condition: mini-identity-provider.enabled
 repository: oci://ghcr.io/gdatasoftwareag