feature: Argo CD: pull OIDC clientID
and issuer
from existing secret
#2199
Labels
argo-cd
awaiting-upstream
Is waiting for a change upstream to be completed before it can be merged.
enhancement
New feature or request
on-hold
Issues or Pull Requests with this label will never be considered stale
Is your feature request related to a problem?
Right now we have to specify the oidc issuer and clientID directly in plain text via the values.yaml when applying the argo-cd helm chart. It's possible to specify a clientSecret in another secret, but not the clientID or issuer. This information is still considered private, so it'd be good to have this obscured.
Related helm chart
argo-cd
Describe the solution you'd like
I'd like to see the issuer and clientID also optionally called from an existing secret, in the same way that we can specify a clientSecret in another secret, example currently:
Proposed update:
Describe alternatives you've considered
An alternative would be to just allow for an existingSecret for OIDC credentials where issuer, clientID, and clientSecret are all defined keys.
Additional context
This would make everything a bit more secure and allow for more open sourcing of Argo CD configurations without exposing any useful information for attackers.
The text was updated successfully, but these errors were encountered: