Re: [I] [Question][DevOps] Deploy devlake with managed GCP Cloud database service (with SSL enabled) [incubator-devlake]

Wed, 28 Aug 2024 13:55:58 -0700 


dosubot[bot] commented on issue #7928:
URL: 
https://github.com/apache/incubator-devlake/issues/7928#issuecomment-2316235473

   <!-- Answer -->
   To generate a value for `OAUTH2_PROXY_COOKIE_SECRET` to configure 
`oauth2-proxy`, you can use a secure random string. This secret is used to 
encrypt the cookie data, so it should be a strong, random value.
   
   Here are a few ways to generate this secret:
   
   ### Using OpenSSL
   You can use the `openssl` command to generate a random base64 string:
   
   ```shell
   openssl rand -base64 32
   ```
   
   ### Using Python
   You can also use Python to generate a random string:
   
   ```python
   import os
   import base64
   
   print(base64.b64encode(os.urandom(32)).decode('utf-8'))
   ```
   
   ### Using Linux Command Line
   If you are on a Linux system, you can use the following command:
   
   ```shell
   head -c32 /dev/urandom | base64
   ```
   
   ### Example
   Once you have generated the secret, it will look something like this:
   
   ```plaintext
   s3cr3tK3yTh4tIsV3ryS3cur3AndR4nd0m==
   ```
   
   You can then use this value in your `values.yaml` file or environment 
variable configuration for `oauth2-proxy`:
   
   ```yaml
   authproxy:
     enabled: true
     image: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0-amd64
     env:
       - name: OAUTH2_PROXY_PROVIDER
         value: oidc
       - name: OAUTH2_PROXY_PROVIDER_DISPLAY_NAME
         value: OKTA
       - name: OAUTH2_PROXY_COOKIE_SECRET
         value: s3cr3tK3yTh4tIsV3ryS3cur3AndR4nd0m==
       - name: OAUTH2_PROXY_COOKIE_DOMAINS
         value: localhost:4180
       - name: OAUTH2_PROXY_COOKIE_SECURE
         value: 'false'
       - name: OAUTH2_PROXY_EMAIL_DOMAINS
         value: '*'
       - name: OAUTH2_PROXY_OIDC_ISSUER_URL
         value: https://<your-okta-domain>/oauth2/default
       - name: OAUTH2_PROXY_CLIENT_ID
         value: <your-client-id>
       - name: OAUTH2_PROXY_CLIENT_SECRET
         value: <your-client-secret>
       - name: OAUTH2_PROXY_UPSTREAMS
         value: http://localhost:4000
       - name: OAUTH2_PROXY_HTTP_ADDRESS
         value: http://0.0.0.0:4180
       - name: OAUTH2_PROXY_REVERSE_PROXY
         value: 'true'
       - name: OAUTH2_PROXY_SKIP_AUTH_ROUTES
         value: ^/grafana.*
   ```
   
   Replace `<your-okta-domain>`, `<your-client-id>`, and `<your-client-secret>` 
with your actual OKTA configuration values.
   
   
   <!-- Dosu Comment Footer -->
   *To continue talking to [Dosu](https://dosu.dev), mention @dosu.*
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@devlake.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to