From 8f02e3018c8d90096fe7e94f0d396c70490d4c3e Mon Sep 17 00:00:00 2001
From: kisfenyo
Date: Sun, 28 Dec 2025 14:24:20 +0100
Subject: [PATCH] vaultwarden added oauth
---
 vaultwarden-system/vaultwarden.yaml | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/vaultwarden-system/vaultwarden.yaml b/vaultwarden-system/vaultwarden.yaml
index 7f158b4..0d0a1be 100644
--- a/vaultwarden-system/vaultwarden.yaml
+++ b/vaultwarden-system/vaultwarden.yaml
@@ -10,7 +10,6 @@ metadata:
 labels:
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/name: vaultwarden
- app.kubernetes.io/version: 1.34.3
 name: vaultwarden
 namespace: vaultwarden-system
 spec:
@@ -26,11 +25,10 @@ spec:
 labels:
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/name: vaultwarden
- app.kubernetes.io/version: 1.34.3
 spec:
 containers:
 - name: vaultwarden
- image: vaultwarden/server:1.34.3
+ image: vaultwarden/server:1.35.0
 imagePullPolicy: IfNotPresent
 env:
 - name: TZ
@@ -77,6 +75,30 @@ spec:
 key: from-address
 - name: SMTP_FROM_NAME
 value: Vaultwarden
+ - name: SSO_ENABLED
+ value: "true"
+ - name: SSO_AUTHORITY
+ value: "https://authentik.dooplex.hu/application/o/vaultwarden/"
+ - name: SSO_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-oauth
+ key: client-id
+ - name: SSO_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: vaultwarden-oauth
+ key: client-secret
+ - name: SSO_SCOPES
+ value: "openid email profile offline_access"
+ - name: SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION
+ value: "false"
+ - name: SSO_CLIENT_CACHE_EXPIRATION
+ value: "0"
+ - name: SSO_ONLY
+ value: "false" # Set to true to disable email+password login
+ - name: SSO_SIGNUPS_MATCH_EMAIL
+ value: "true"
 ports:
 - containerPort: 80
 name: http
@@ -118,7 +140,6 @@ metadata:
 labels:
 app.kubernetes.io/instance: vaultwarden
 app.kubernetes.io/name: vaultwarden
- app.kubernetes.io/version: 1.34.3
 name: vaultwarden
 namespace: vaultwarden-system
 spec:
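Review bot: In the third hunk (`@@ -77,6 +75,30 @@`), `SSO_ONLY` is `"false"`, so email+master-password login stays available next to SSO and any MFA or access policy enforced in Authentik does not gate Vaultwarden logins; the inline comment should record that, e.g. `# "false": password login stays enabled, so IdP-side MFA/policy is not enforced for logins`. `SSO_SIGNUPS_MATCH_EMAIL: "true"` associates an existing account with an SSO identity by e-mail, which relies on the provider's e-mail verification and therefore on `SSO_ALLOW_UNKNOWN_EMAIL_VERIFICATION` staying `"false"` as set here; a comment such as `# keep "false" while SSO_SIGNUPS_MATCH_EMAIL is "true"` above that entry would document the dependency. The `vaultwarden-oauth` Secret named in both `secretKeyRef` entries is not created in this patch, so it presumably has to exist in `vaultwarden-system` before the rollout. The container's `env` list starts and ends outside the hunk.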