Add Dex secret key variable and update Helm release configuration for ArgoCD

Author: karimzakzouk

Terraform/modules/argocd/main.tf

@@ -1,20 +1,28 @@
+resource "random_password" "dex_secret" {
+  length  = 64
+  special = true
+}
+
+
 # Install ArgoCD using Helm
 resource "helm_release" "argocd" {
   name       = "argocd"
   repository = "https://argoproj.github.io/argo-helm"
   chart      = "argo-cd"
   namespace  = var.namespace
   version    = var.chart_version
-  
+
   create_namespace = true
   wait             = true
   timeout          = var.timeout
-  
+
+  # Server service type
   set {
     name  = "server.service.type"
     value = var.service_type
   }
-  
+
+  # Extra server arguments
   dynamic "set" {
     for_each = var.insecure ? [1] : []
     content {
@@ -23,13 +31,12 @@ resource "helm_release" "argocd" {
     }
   }
 
-  # Additional ArgoCD configurations
   set {
     name  = "server.extraArgs[1]"
     value = "--grpc-web"
   }
 
-  # Configure ArgoCD to work with LoadBalancer
+  # LoadBalancer annotations
   set {
     name  = "server.service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-type"
     value = "nlb"
@@ -39,6 +46,12 @@ resource "helm_release" "argocd" {
     name  = "server.service.annotations.service\\.beta\\.kubernetes\\.io/aws-load-balancer-scheme"
     value = "internet-facing"
   }
+
+  # ✅ Dex secret key (production)
+    set {
+    name  = "dex.config.server.secretKey"
+    value = var.dex_secret_key != null ? var.dex_secret_key : random_password.dex_secret.result
+    }
 }
 
 # Wait for ArgoCD to be ready before creating applications

Terraform/modules/argocd/variables.tf

@@ -54,3 +54,11 @@ variable "wait_for_ready" {
   type        = string
   default     = "60s"
 }
+
+variable "dex_secret_key" {
+  description = "Dex server secret key for ArgoCD (production)"
+  type        = string
+  sensitive   = true
+  default     = random_password.dex_secret.result
+}
+