Using ESO for Forgejo admin password generation

2025-04-23 15:50:14 +02:00 · 2025-04-23 15:50:14 +02:00 · d5ad448d2b
commit d5ad448d2b
parent 1530e4787b
1 changed files with 36 additions and 0 deletions
--- a/template/stacks/core/forgejo/manifests/secret-admin-password.yaml
+++ b/template/stacks/core/forgejo/manifests/secret-admin-password.yaml
@ -0,0 +1,36 @@
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: Password
+metadata:
+  name: forgejo-admin-password-generator
+  namespace: gitea 
+spec:
+  length: 36
+  digits: 5
+  symbols: 5
+  symbolCharacters: "/-+"
+  noUpper: false
+  allowRepeat: true
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: forgejo-admin-password-generator
+  namespace: gitea 
+spec:
+  refreshInterval: "0"
+  target:
+    name: gitea-credential
+    template:
+      engineVersion: v2
+      data:
+        username: giteaAdmin
+        password: "{{.INITIAL_ADMIN_PASSWORD}}"
+  dataFrom:
+    - sourceRef:
+        generatorRef:
+          apiVersion: generators.external-secrets.io/v1alpha1
+          kind: Password
+          name: forgejo-admin-password-generator
+      rewrite:
+        - transform:
+            template: "INITIAL_ADMIN_PASSWORD"