
Commit 677e77c

Copilotphrocker
andcommitted
Remove hardcoded secrets from Helm charts and application properties
Co-authored-by: phrocker <[email protected]>
1 parent 011a814 commit 677e77c


18 files changed

+153
-70
lines changed


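--- a/agent-launcher/src/main/resources/application.properties
+++ b/agent-launcher/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 keystore.file=sso.jceks
-keystore.password=keystorepassword
+keystore.password=${KEYSTORE_PASSWORD:keystorepassword}
 
 keystore.alias=KEYBOX-ENCRYPTION_KEY
 keystore.algorithm=AES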
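Review bot: The new `keystore.password` line still carries the old literal as its placeholder default, so a deployment that forgets to set `KEYSTORE_PASSWORD` starts normally and opens the keystore with the published value `keystorepassword`. Dropping the fallback, `keystore.password=${KEYSTORE_PASSWORD}`, makes Spring fail when the property is resolved instead of silently running on a known password. The same default appears in the first hunk of the analytics, api, llm-proxy and provenance-ingestor `application.properties` sections. Because the old value stays in repository history, any `sso.jceks` keystore created with it presumably needs a new password as well.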

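--- a/ai-agent/src/main/resources/assessor.properties
+++ b/ai-agent/src/main/resources/assessor.properties
@@ -51,7 +51,7 @@ server.error.whitelabel.enabled=false
 keycloak.realm=sentrius
 keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
 spring.security.oauth2.client.registration.keycloak.client-id=java-agents
-spring.security.oauth2.client.registration.keycloak.client-secret=e4WgJovH8MzcAvRnFg3rROAbeDIwiYmx
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET:}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type=client_credentials
 spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.1.162:8080/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email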
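Review bot: `${KEYCLOAK_CLIENT_SECRET:}` falls back to an empty string, so a missing variable is not detected at startup and the agent presumably fails only later, when Keycloak rejects the client_credentials request. Consider `spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}` without the colon so the misconfiguration surfaces when the property is resolved; the same applies to the chat-helper, terminal-helper and analytics sections. The removed literal remains readable in this commit and in history, so the `java-agents` client secret should be regenerated in Keycloak rather than reused as the value of the new variable.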

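--- a/ai-agent/src/main/resources/chat-helper.properties
+++ b/ai-agent/src/main/resources/chat-helper.properties
@@ -52,7 +52,7 @@ keycloak.realm=sentrius
 keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
 ## These are programmatically set.
 spring.security.oauth2.client.registration.keycloak.client-id=java-agents
-spring.security.oauth2.client.registration.keycloak.client-secret=e4WgJovH8MzcAvRnFg3rROAbeDIwiYmxsdgd
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET:}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type=client_credentials
 spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.1.162:8080/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email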

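--- a/ai-agent/src/main/resources/terminal-helper.properties
+++ b/ai-agent/src/main/resources/terminal-helper.properties
@@ -51,7 +51,7 @@ server.error.whitelabel.enabled=false
 keycloak.realm=sentrius
 keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
 spring.security.oauth2.client.registration.keycloak.client-id=java-agents
-spring.security.oauth2.client.registration.keycloak.client-secret=e4WgJovH8MzcAvRnFg3rROAbeDIwiYmx
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET:}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type=client_credentials
 spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.1.162:8080/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email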

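--- a/analytics/src/main/resources/application.properties
+++ b/analytics/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 keystore.file=sso.jceks
-keystore.password=keystorepassword
+keystore.password=${KEYSTORE_PASSWORD:keystorepassword}
 
 keystore.alias=KEYBOX-ENCRYPTION_KEY
 keystore.algorithm=AES
@@ -16,7 +16,7 @@ spring.flyway.baseline-on-migrate=true
 
 spring.datasource.url=jdbc:postgresql://home.guard.local:5432/sentrius
 spring.datasource.username=postgres
-spring.datasource.password=password
+spring.datasource.password=${DATABASE_PASSWORD:password}
 spring.datasource.driver-class-name=org.postgresql.Driver
 
 # Connection pool settings
@@ -51,7 +51,7 @@ server.error.whitelabel.enabled=false
 keycloak.realm=sentrius
 keycloak.base-url=${KEYCLOAK_BASE_URL:http://localhost:8180}
 spring.security.oauth2.client.registration.keycloak.client-id=sentrius-api
-spring.security.oauth2.client.registration.keycloak.client-secret=nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET:}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
 spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.1.162:8080/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email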
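Review bot: In the second hunk, `${DATABASE_PASSWORD:password}` keeps `password` as the effective credential whenever the variable is unset, and the context line above it shows the connection is made as `postgres`, which is typically the superuser role. Suggest `spring.datasource.password=${DATABASE_PASSWORD}` so an unset variable stops the service instead of connecting with a guessable password; the api and llm-proxy sections have the same line. A comment such as `# DATABASE_PASSWORD must be supplied by the environment; there is no default` would document the requirement for operators.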

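--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 keystore.file=sso.jceks
-keystore.password=keystorepassword
+keystore.password=${KEYSTORE_PASSWORD:keystorepassword}
 
 keystore.alias=KEYBOX-ENCRYPTION_KEY
 keystore.algorithm=AES
@@ -22,7 +22,7 @@ spring.thymeleaf.suffix=.html
 
 spring.datasource.url=jdbc:postgresql://home.guard.local:5432/sentrius
 spring.datasource.username=postgres
-spring.datasource.password=password
+spring.datasource.password=${DATABASE_PASSWORD:password}
 spring.datasource.driver-class-name=org.postgresql.Driver
 
 # Connection pool settings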

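--- a/llm-proxy/src/main/resources/application.properties
+++ b/llm-proxy/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 keystore.file=sso.jceks
-keystore.password=keystorepassword
+keystore.password=${KEYSTORE_PASSWORD:keystorepassword}
 
 keystore.alias=KEYBOX-ENCRYPTION_KEY
 keystore.algorithm=AES
@@ -21,7 +21,7 @@ spring.thymeleaf.suffix=.html
 
 spring.datasource.url=jdbc:postgresql://home.guard.local:5432/sentrius
 spring.datasource.username=postgres
-spring.datasource.password=password
+spring.datasource.password=${DATABASE_PASSWORD:password}
 spring.datasource.driver-class-name=org.postgresql.Driver
 
 # Connection pool settings
@@ -36,7 +36,7 @@ spring.jpa.database-platform=org.hibernate.dialect.PostgreSQLDialect
 #spring.datasource.url=jdbc:h2:file:~/data/testdb
 #spring.datasource.driver-class-name=org.h2.Driver
 #spring.datasource.username=sa
-#spring.datasource.password=password
+#spring.datasource.password=${DATABASE_PASSWORD:password}
 #spring.jpa.hibernate.ddl-auto=update
 
 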

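--- a/provenance-ingestor/src/main/resources/application.properties
+++ b/provenance-ingestor/src/main/resources/application.properties
@@ -1,5 +1,5 @@
 keystore.file=sso.jceks
-keystore.password=keystorepassword
+keystore.password=${KEYSTORE_PASSWORD:keystorepassword}
 
 keystore.alias=KEYBOX-ENCRYPTION_KEY
 keystore.algorithm=AES
@@ -24,7 +24,7 @@ spring.thymeleaf.suffix=.html
 #spring.datasource.url=jdbc:h2:file:~/data/testdb
 #spring.datasource.driver-class-name=org.h2.Driver
 #spring.datasource.username=sa
-#spring.datasource.password=password
+#spring.datasource.password=${DATABASE_PASSWORD:password}
 #spring.jpa.hibernate.ddl-auto=update
 
 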

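--- a/sentrius-chart-launcher/values.yaml
+++ b/sentrius-chart-launcher/values.yaml
@@ -34,7 +34,7 @@ sentrius:
 resources: {}
 oauth2:
 client_id: sentrius-api
-client_secret: nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0
+client_secret: "" # To be set via environment variable or external secret
 authorization_grant_type: authorization_code
 redirect_uri: http://{{ .Values.subdomain }}/login/oauth2/code/keycloak
 scope: openid,profile,email
@@ -60,7 +60,7 @@ llmproxy:
 resources: {}
 oauth2:
 client_id: sentrius-api
-client_secret: nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0
+client_secret: "" # To be set via environment variable or external secret
 authorization_grant_type: authorization_code
 redirect_uri: http://{{ .Values.subdomain }}/login/oauth2/code/keycloak
 scope: openid,profile,email
@@ -84,7 +84,7 @@ sentriusagent:
 port: 8080
 oauth2:
 client_id: java-agents
-client_secret: e4WgJovH8MzcAvRnFg3rROAbeDIwiYmx
+client_secret: "" # To be set via environment variable or external secret
 authorization_grant_type: client_credentials
 redirect-uri: http://{{ .Values.subdomain }}/login/oauth2/code/keycloak
 scope: openid,profile,email
@@ -112,7 +112,7 @@ sentriusaiagent:
 port: 8080
 oauth2:
 client_id: java-agents
-client_secret: KLJMLKSDJGlkj23@#jasdlkjg@#dsagsagdsag
+client_secret: "" # To be set via environment variable or external secret
 authorization_grant_type: authorization_code
 redirect-uri: http://{{ .Values.subdomain }}/login/oauth2/code/keycloak
 scope: openid,profile,email
@@ -140,7 +140,7 @@ launcherservice:
 port: 8080
 oauth2:
 client_id: sentrius-launcher-service
-client_secret: nGkEukexSWTSjklj3sddgvDzYjSkDmeUlM0FJ5Jhh0
+client_secret: "" # To be set via environment variable or external secret
 authorization_grant_type: authorization_code
 redirect-uri: http://{{ .Values.subdomain }}/login/oauth2/code/keycloak
 scope: openid,profile,email
@@ -185,11 +185,11 @@ keycloak:
 pullPolicy: IfNotPresent
 host: keycloak.default.svc.cluster.local
 adminUser: admin
-adminPassword: nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0@1
+adminPassword: "" # To be set via environment variable or external secret
 serviceType: ClusterIP
 port: 8081
 clientId: sentrius-api
-clientSecret: nGkEukexSWTvDzYjSkDmeUlM0FJ5Jhh0
+clientSecret: "" # To be set via environment variable or external secret
 db:
 image: postgres:15
 user: keycloak
@@ -314,5 +314,5 @@ neo4j:
 httpPort: 7474
 resources: {}
 env:
-NEO4J_AUTH: neo4j/testingsecret
+NEO4J_AUTH: "" # To be set via environment variable (e.g., neo4j/your-secure-password)
 NEO4J_server_config_strict__validation__enabled: "true"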
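Review bot: The eight blanked values now default to empty strings and nothing in this file stops an install from proceeding with them, so `keycloak.adminPassword` and the client secrets can reach the templates as `""`. The inline comment says they are set "via environment variable", but Helm values are not read from the environment; the comment should name the actual mechanism, e.g. `# required: pass with --set or reference an existing Secret`. In the templates that consume these keys (not visible in this section), wrapping each use in `required`, for example `{{ required "keycloak.adminPassword must be set" .Values.keycloak.adminPassword }}`, would make a forgotten value fail at render time. For `NEO4J_AUTH: ""`, confirm how the Neo4j image treats an empty value, since it may fall back to its built-in default credentials.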

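--- a/sentrius-chart/templates/configmap.yaml
+++ b/sentrius-chart/templates/configmap.yaml
@@ -44,7 +44,7 @@ data:
 agent.api.url={{ .Values.sentriusDomain }}
 # Keycloak configuration
 spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.sentriusagent.oauth2.client_id }}
-spring.security.oauth2.client.registration.keycloak.client-secret={{ .Values.sentriusagent.oauth2.client_secret }}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentriusagent.oauth2.authorization_grant_type }}
 spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentriusagent.oauth2.scope }}
@@ -96,7 +96,7 @@ data:
 agent.api.url={{ .Values.sentriusDomain }}
 # Keycloak configuration
 spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.sentriusagent.oauth2.client_id }}
-spring.security.oauth2.client.registration.keycloak.client-secret={{ .Values.sentriusagent.oauth2.client_secret }}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentriusagent.oauth2.authorization_grant_type }}
 spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentriusagent.oauth2.scope }}
@@ -177,7 +177,7 @@ data:
 agent.api.url={{ .Values.sentriusDomain }}
 # Keycloak configuration
 spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.sentriusagent.oauth2.client_id }}
-spring.security.oauth2.client.registration.keycloak.client-secret={{ .Values.sentriusagent.oauth2.client_secret }}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentriusagent.oauth2.authorization_grant_type }}
 spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentriusagent.oauth2.scope }}
@@ -254,7 +254,7 @@ data:
 management.endpoint.health.show-details=always
 # Keycloak configuration
 spring.security.oauth2.client.registration.keycloak.client-id={{ .Values.sentrius.oauth2.client_id }}
-spring.security.oauth2.client.registration.keycloak.client-secret={{ .Values.sentrius.oauth2.client_secret }}
+spring.security.oauth2.client.registration.keycloak.client-secret=${KEYCLOAK_CLIENT_SECRET}
 spring.security.oauth2.client.registration.keycloak.authorization-grant-type={{ .Values.sentrius.oauth2.authorization_grant_type }}
 spring.security.oauth2.client.registration.keycloak.redirect-uri={{ .Values.sentriusDomain }}/login/oauth2/code/keycloak
 spring.security.oauth2.client.registration.keycloak.scope={{ .Values.sentrius.oauth2.scope }}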
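Review bot: All four hunks replace the per-component `.Values.…oauth2.client_secret` lookup with the same `${KEYCLOAK_CLIENT_SECRET}` placeholder, and nothing in this section shows where that variable is injected into each pod. Every workload that mounts one of these property blocks needs `KEYCLOAK_CLIENT_SECRET` supplied from a Kubernetes Secret via `secretKeyRef`; the `sentrius` block in the last hunk previously referenced a different values key from the `sentriusagent` blocks, so the two should not end up sharing one secret by accident. A comment above each changed line, `# resolved by Spring from the pod environment; supplied via secretKeyRef`, would record the dependency. The `oauth2.client_secret` keys in the chart's values presumably become unused by this template and could be removed or documented as such.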
