diff --git a/charts/openfga/templates/deployment.yaml b/charts/openfga/templates/deployment.yaml
index ef18b1b..9248102 100644
--- a/charts/openfga/templates/deployment.yaml
+++ b/charts/openfga/templates/deployment.yaml
@@ -246,6 +246,12 @@ spec:
 {{- if .Values.authn.preshared.keys }}
 - name: OPENFGA_AUTHN_PRESHARED_KEYS
 value: "{{ join "," .Values.authn.preshared.keys }}"
+ {{- else if .Values.authn.preshared.keysSecret }}
+ - name: OPENFGA_AUTHN_PRESHARED_KEYS
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.authn.preshared.keysSecret }}"
+ key: "presharedKeys"
 {{- end }}
 {{- if .Values.authn.oidc.audience }}
diff --git a/charts/openfga/values.schema.json b/charts/openfga/values.schema.json
index c6b2b44..6aea733 100644
--- a/charts/openfga/values.schema.json
+++ b/charts/openfga/values.schema.json
@@ -506,6 +506,13 @@
 "type": "string",
 "minItems": 1
 }
+ },
+ "keysSecret": {
+ "type": [
+ "string",
+ "null"
+ ],
+ "description": "the secret name where to get the preshared keys, it expects a key named 'presharedKeys' to exist in the secret containing a comma-separated list of keys"
 }
 }
 },
diff --git a/charts/openfga/values.yaml b/charts/openfga/values.yaml
index abe324a..c96fc45 100644
--- a/charts/openfga/values.yaml
+++ b/charts/openfga/values.yaml
@@ -242,7 +242,11 @@ http:
 authn:
 method:
 preshared:
+ # Specify a list of preshared keys directly:
 keys: []
+ # Or reference a secret that contains a list of preshared keys:
+ # Secret should have a "presharedKeys" key
+ # keysSecret: "my-preshared-keys-secret"
 oidc:
 audience:
 issuer:
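Review bot: The `else if` in the deployment.yaml hunk makes a non-empty `authn.preshared.keys` silently win over `authn.preshared.keysSecret`, so an operator who moves the keys into a Secret but leaves the old list in their values keeps the old keys active and rendered in plaintext through the `value:` line of the Deployment spec. Failing the render when both are set would make that visible, for example `{{- if and .Values.authn.preshared.keys .Values.authn.preshared.keysSecret }}{{ fail "set only one of authn.preshared.keys or authn.preshared.keysSecret" }}{{- end }}` placed ahead of the existing `if`. The same precedence is left unstated in the `keysSecret` description in values.schema.json and in the new values.yaml comment. The enclosing env list starts and ends outside the hunk.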
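Review bot: The comment added above `# keysSecret:` in values.yaml says only that the Secret needs a `presharedKeys` key; it leaves out that the value must be one comma-separated string (stated only in values.schema.json) and that the Secret has to live in the release namespace, because `secretKeyRef` cannot reference another namespace. The keys are injected as an environment variable, so a rotated Secret takes effect only after the pods restart, which is worth saying here too. Suggested wording: `# Secret (same namespace) must have a "presharedKeys" key holding the keys as one comma-separated string; restart the pods after rotating it.`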