batazor/values.yml Secret

## values.yml
# Kratos ===============================================================================================================
kratos:
  enabled: true

  image:
    tag: v0.9.0-alpha.3

  ingress:
    admin:
      enabled: false
    public:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: nginx
        cert-manager.io/cluster-issuer: cert-manager-production
        nginx.ingress.kubernetes.io/enable-modsecurity: "true"
        nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
        nginx.ingress.kubernetes.io/enable-opentracing: "false"
        kubernetes.io/tls-acme: "true"
        nginx.ingress.kubernetes.io/rewrite-target: /$1
        nginx.ingress.kubernetes.io/use-regex: "true"
      hosts:
        - host: shortlink.ddns.net
          paths:
            - path: /api/auth\/(.*)
              pathType: Prefix
      tls:
        - secretName: shortlink-ingress-tls
          hosts:
            - shortlink.ddns.net

  kratos:
    config:
      dsn: memory

      identity:
        default_schema_id: default
        schemas:
          - id: default
            url: file:///etc/config/identity.default.schema.json

      serve:
        public:
          # Kratos uses cookies so you must always connect from "127.0.0.1"
          base_url: http://shortlink-api-kratos-public.shortlink:4433
          cors:
            enabled: true
            debug: true
            allowed_origins:
              - http://127.0.0.1:3000
              - https://shortlink.ddns.net
            allowed_methods:
              - POST
              - GET
              - PUT
              - PATCH
              - DELETE
              - OPTIONS
            allowed_headers:
              - Authorization
              - Cookie
              - Origin
              - X-Session-Token
            exposed_headers:
              - Content-Type
              - Set-Cookie
            allow_credentials: true
        admin:
          base_url: http://127.0.0.1:4434/

      session:
        # 30 days
        lifespan: 720h
        cookie:
          domain: http://127.0.0.1:3000
          same_site: Lax

      selfservice:
        default_browser_return_url: http://127.0.0.1:3000/next/
        allowed_return_urls:
          - http://127.0.0.1:3000

        methods:
          password:
            enabled: true
          profile:
            enabled: true
          link:
            enabled: true
          oidc:
            enabled: true
            config:
              providers:
                # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
                - id: github
                  provider: github
                  # Replace this with the OAuth2 Client ID provided by GitHub
                  client_id: ....
                  # Replace this with the OAuth2 Client Secret provided by GitHub
                  client_secret: ....
                  mapper_url: file:///etc/config/kratos/oidc.github.jsonnet
                  scope:
                    - user:email
                 # this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
                - id: gitlab
                  provider: gitlab
                  # Replace this with the OAuth2 Client ID provided by GitLab
                  client_id: ....
                  # Replace this with the OAuth2 Client Secret provided by GitLab
                  client_secret: ....
                  mapper_url: file:///etc/config/kratos/oidc.gitlab.jsonnet
                  scope:
                    - read_user
                    - openid
                    - profile
                    - email

        # These `ui_url` values are entirely dependant upon your setup.
        # For this example, the React-app runs in development mode on the default port of 3000.
        # You can see how this would change for a production environment or other solutions.
        flows:
          error:
            ui_url: http://127.0.0.1:3000/next/error

          settings:
            ui_url: http://127.0.0.1:3000/next/auth/profile
            # Sessions older than a minute requires the user to sign in again before
            # the password is changed.
            privileged_session_max_age: 15m

          recovery:
            enabled: true
            ui_url: http://127.0.0.1:3000/next/auth/recovery

          verification:
            enabled: true
            ui_url: http://127.0.0.1:3000/next/auth/verify
            after:
              default_browser_return_url: http://127.0.0.1:3000/next/

          logout:
            after:
              default_browser_return_url: http://127.0.0.1:3000/next/auth/login

          login:
            ui_url: http://127.0.0.1:3000/next/auth/login
            lifespan: 10m

          registration:
            lifespan: 10m
            ui_url: http://127.0.0.1:3000/next/auth/registration
            after:
              password:
                hooks:
                  - hook: session
              oidc:
                hooks:
                  - hook: session

      log:
        level: debug
        format: json
        leak_sensitive_values: true

      secrets:
        cookie:
          # This is an example; secret must be this length (32 chars).
          - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE

      hashers:
        argon2:
          parallelism: 1
          memory: 128MB
          iterations: 2
          salt_length: 16
          key_length: 16

      courier:
        smtp:
          connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
          from_address: no-reply@shortlink.com

    development: true
    # autoMigrate is relying on a simple initContainer mechanism
    # Do not turn it on if the replicaCount > 1
    autoMigrate: false

    #  You can add multiple identity schemas here
    identitySchemas:
      "identity.default.schema.json": |
        {
          "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
          "$schema": "http://json-schema.org/draft-07/schema#",
          "title": "Person",
          "type": "object",
          "properties": {
            "traits": {
              "type": "object",
              "properties": {
                "email": {
                  "type": "string",
                  "format": "email",
                  "title": "E-Mail",
                  "minLength": 3,
                  "ory.sh/kratos": {
                    "credentials": {
                      "password": {
                        "identifier": true
                      }
                    },
                    "verification": {
                      "via": "email"
                    },
                    "recovery": {
                      "via": "email"
                    }
                  }
                },
                "name": {
                  "type": "object",
                  "properties": {
                    "first": {
                      "title": "First Name",
                      "type": "string"
                    },
                    "last": {
                      "title": "Last Name",
                      "type": "string"
                    }
                  }
                }
              },
              "required": [
                "email"
              ],
              "additionalProperties": false
            }
          }
        }
	# Kratos ===============================================================================================================
	kratos:
	enabled: true

	image:
	tag: v0.9.0-alpha.3

	ingress:
	admin:
	enabled: false
	public:
	enabled: true
	annotations:
	kubernetes.io/ingress.class: nginx
	cert-manager.io/cluster-issuer: cert-manager-production
	nginx.ingress.kubernetes.io/enable-modsecurity: "true"
	nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
	nginx.ingress.kubernetes.io/enable-opentracing: "false"
	kubernetes.io/tls-acme: "true"
	nginx.ingress.kubernetes.io/rewrite-target: /$1
	nginx.ingress.kubernetes.io/use-regex: "true"
	hosts:
	- host: shortlink.ddns.net
	paths:
	- path: /api/auth\/(.*)
	pathType: Prefix
	tls:
	- secretName: shortlink-ingress-tls
	hosts:
	- shortlink.ddns.net

	kratos:
	config:
	dsn: memory

	identity:
	default_schema_id: default
	schemas:
	- id: default
	url: file:///etc/config/identity.default.schema.json

	serve:
	public:
	# Kratos uses cookies so you must always connect from "127.0.0.1"
	base_url: http://shortlink-api-kratos-public.shortlink:4433
	cors:
	enabled: true
	debug: true
	allowed_origins:
	- http://127.0.0.1:3000
	- https://shortlink.ddns.net
	allowed_methods:
	- POST
	- GET
	- PUT
	- PATCH
	- DELETE
	- OPTIONS
	allowed_headers:
	- Authorization
	- Cookie
	- Origin
	- X-Session-Token
	exposed_headers:
	- Content-Type
	- Set-Cookie
	allow_credentials: true
	admin:
	base_url: http://127.0.0.1:4434/

	session:
	# 30 days
	lifespan: 720h
	cookie:
	domain: http://127.0.0.1:3000
	same_site: Lax

	selfservice:
	default_browser_return_url: http://127.0.0.1:3000/next/
	allowed_return_urls:
	- http://127.0.0.1:3000

	methods:
	password:
	enabled: true
	profile:
	enabled: true
	link:
	enabled: true
	oidc:
	enabled: true
	config:
	providers:
	# this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
	- id: github
	provider: github
	# Replace this with the OAuth2 Client ID provided by GitHub
	client_id: ....
	# Replace this with the OAuth2 Client Secret provided by GitHub
	client_secret: ....
	mapper_url: file:///etc/config/kratos/oidc.github.jsonnet
	scope:
	- user:email
	# this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET!
	- id: gitlab
	provider: gitlab
	# Replace this with the OAuth2 Client ID provided by GitLab
	client_id: ....
	# Replace this with the OAuth2 Client Secret provided by GitLab
	client_secret: ....
	mapper_url: file:///etc/config/kratos/oidc.gitlab.jsonnet
	scope:
	- read_user
	- openid
	- profile
	- email

	# These `ui_url` values are entirely dependant upon your setup.
	# For this example, the React-app runs in development mode on the default port of 3000.
	# You can see how this would change for a production environment or other solutions.
	flows:
	error:
	ui_url: http://127.0.0.1:3000/next/error

	settings:
	ui_url: http://127.0.0.1:3000/next/auth/profile
	# Sessions older than a minute requires the user to sign in again before
	# the password is changed.
	privileged_session_max_age: 15m

	recovery:
	enabled: true
	ui_url: http://127.0.0.1:3000/next/auth/recovery

	verification:
	enabled: true
	ui_url: http://127.0.0.1:3000/next/auth/verify
	after:
	default_browser_return_url: http://127.0.0.1:3000/next/

	logout:
	after:
	default_browser_return_url: http://127.0.0.1:3000/next/auth/login

	login:
	ui_url: http://127.0.0.1:3000/next/auth/login
	lifespan: 10m

	registration:
	lifespan: 10m
	ui_url: http://127.0.0.1:3000/next/auth/registration
	after:
	password:
	hooks:
	- hook: session
	oidc:
	hooks:
	- hook: session

	log:
	level: debug
	format: json
	leak_sensitive_values: true

	secrets:
	cookie:
	# This is an example; secret must be this length (32 chars).
	- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE

	hashers:
	argon2:
	parallelism: 1
	memory: 128MB
	iterations: 2
	salt_length: 16
	key_length: 16

	courier:
	smtp:
	connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
	from_address: no-reply@shortlink.com

	development: true
	# autoMigrate is relying on a simple initContainer mechanism
	# Do not turn it on if the replicaCount > 1
	autoMigrate: false

	# You can add multiple identity schemas here
	identitySchemas:
	"identity.default.schema.json": \|
	{
	"$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
	"$schema": "http://json-schema.org/draft-07/schema#",
	"title": "Person",
	"type": "object",
	"properties": {
	"traits": {
	"type": "object",
	"properties": {
	"email": {
	"type": "string",
	"format": "email",
	"title": "E-Mail",
	"minLength": 3,
	"ory.sh/kratos": {
	"credentials": {
	"password": {
	"identifier": true
	}
	},
	"verification": {
	"via": "email"
	},
	"recovery": {
	"via": "email"
	}
	}
	},
	"name": {
	"type": "object",
	"properties": {
	"first": {
	"title": "First Name",
	"type": "string"
	},
	"last": {
	"title": "Last Name",
	"type": "string"
	}
	}
	}
	},
	"required": [
	"email"
	],
	"additionalProperties": false
	}
	}
	}