Merge pull request #8 from punkle/master

it is safer if the jwt.secret is not set by default
vouch · Mar 13, 2021 · e51fc8c · e51fc8c
2 parents 10ee1e6 + 294f99d
commit e51fc8c
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 appVersion: "0.17.3"
 description: An SSO and OAuth login solution for nginx using the auth_request module
 name: vouch
-version: 1.0.0
+version: 1.1.0
 icon: https://avatars0.githubusercontent.com/u/45102943?s=200&v=4
 sources:
   - https://github.com/vouch/vouch-proxy/

diff --git a/templates/secret.yaml b/templates/secret.yaml
@@ -1,4 +1,7 @@
 {{- if not .Values.existingSecretName }}
+{{- if (lt (len .Values.config.vouch.jwt.secret) 1) }}
+  {{ fail "`config.vouch.jwt.secret` is not set and we are no longer providing a weak default" }}
+{{- end }}
 apiVersion: v1
 kind: Secret
 metadata:

diff --git a/values.yaml b/values.yaml
@@ -108,7 +108,7 @@ config:
     allowAllUsers: false
     whiteList: []
     jwt:
-      secret: super-secret-stuff
+      secret: ''
     testing: false
 
   oauth: