feat: jwt signing key
Telemaco019 committed Aug 6, 2024
1 parent c9d1923 commit 75fdc2d
Showing 3 changed files with 17 additions and 6 deletions.
2 changes: 2 additions & 0 deletions README.md
@@ -87,6 +87,7 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a
- resource.azurerm_cognitive_deployment.gpt_4o_mini (/terraform-docs/main.tf#422)
- resource.azurerm_key_vault.main (/terraform-docs/main.tf#127)
- resource.azurerm_key_vault_secret.api_key (/terraform-docs/main.tf#437)
- resource.azurerm_key_vault_secret.auth_jwt (/terraform-docs/main.tf#648)
- resource.azurerm_key_vault_secret.azuread_application_client_id (/terraform-docs/main.tf#208)
- resource.azurerm_key_vault_secret.azuread_application_client_secret (/terraform-docs/main.tf#213)
- resource.azurerm_key_vault_secret.postgres_passwords (/terraform-docs/main.tf#371)
@@ -117,6 +118,7 @@ Available on [Terraform Registry](https://registry.terraform.io/modules/nebuly-a
- resource.azurerm_storage_container.models (/terraform-docs/main.tf#463)
- resource.random_password.postgres_server_admin_password (/terraform-docs/main.tf#222)
- resource.tls_private_key.aks (/terraform-docs/main.tf#536)
- resource.tls_private_key.auth_jwt (/terraform-docs/main.tf#644)
- data source.azurerm_client_config.current (/terraform-docs/main.tf#47)
- data source.azurerm_resource_group.main (/terraform-docs/main.tf#44)
- data source.azurerm_subnet.aks_nodes (/terraform-docs/main.tf#53)
12 changes: 12 additions & 0 deletions main.tf
@@ -640,6 +640,18 @@ resource "azurerm_kubernetes_cluster_node_pool" "linux_pools" {
}


# ------ Auth ------ #
resource "tls_private_key" "auth_jwt" {
algorithm = "RSA"
rsa_bits = 4096
}
resource "azurerm_key_vault_secret" "auth_jwt" {
key_vault_id = azurerm_key_vault.main.id
name = format("%s-jwt-signing-key", var.resource_prefix)
value = tls_private_key.auth_jwt.private_key_pem
}



# ------ Post provisioning ------ #
locals {
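Review bot: `tls_private_key.auth_jwt` keeps `private_key_pem` unencrypted in the Terraform state, and the `value` of `azurerm_key_vault_secret.auth_jwt` is recorded there as well, so read access to the state is presumably enough to sign tokens the platform accepts; the new block carries no comment saying so. I would add above the resource `# NOTE: the generated key is stored in plaintext in Terraform state; keep the state in an encrypted, access-restricted backend.` The secret is also created without `content_type` or `expiration_date`, and nothing in the hunk triggers regeneration, so the key appears to live as long as the state does; setting `expiration_date` and documenting how to rotate (for example by replacing `tls_private_key.auth_jwt`) would make rotation a planned operation. Whether the secret is created only after the Key Vault access policy or role assignment exists cannot be seen from this hunk and is worth confirming.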
9 changes: 3 additions & 6 deletions templates/helm-values.tpl.yaml
@@ -151,14 +151,11 @@ auth:
jwtSigningKey: ${k8s_secret_key_jwt_signing_key}

loginModes: "password"

# TODO: optional Microsoft SSO
microsoft:
enabled: false
redirectUri: https://${platform_domain}/backend/auth/oauth/microsoft/callback
tenantId: ""
existingSecret:
name: ${secret_provider_class_secret_name}
clientIdKey: microsoft-oauth-client-id
clientSecretKey: microsoft-oauth-client-secret
# TODO: optional Okta SSO

volumeMounts:
- name: secrets-store