
authentik: move sensitive data to secrets

2025-12-30 07:54:22 +01:00
parent 5004e63f1b
commit 853208412e
+33 -10
@@ -2,6 +2,18 @@
secrets: secrets:
gitea_runner_token: gitea_runner_token:
file: secrets/gitea_runner_token.txt file: secrets/gitea_runner_token.txt
authentik_secret_key:
file: secrets/authentik_secret_key
email_host:
file: secrets/email_host
email_username:
file: secrets/email_username
email_password:
file: secrets/email_password
postgres_general_username:
file: secrets/postgres_general_username
postgres_general_password:
file: secrets/postgres_general_password
mariadb_root_password: mariadb_root_password:
file: secrets/mariadb_root_password file: secrets/mariadb_root_password
@@ -791,12 +803,16 @@ services:
depends_on: depends_on:
postgres: postgres:
condition: service_healthy condition: service_healthy
secrets:
- authentik_secret_key
- postgres_general_username
- postgres_general_password
environment: environment:
AUTHENTIK_POSTGRESQL__HOST: postgres AUTHENTIK_POSTGRESQL__HOST: postgres
AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD} AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/postgres_general_password
AUTHENTIK_POSTGRESQL__USER: ${POSTGRES_USER} AUTHENTIK_POSTGRESQL__USER: file:///run/secrets/postgres_general_username
AUTHENTIK_SECRET_KEY: WH6M+8rmyMw4BPszIf9bKGInZVcm6Lmce83C9hdG8t4ZeIKi AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
AUTHENTIK_EMAIL__HOST: smtp.protonmail.ch AUTHENTIK_EMAIL__HOST: smtp.protonmail.ch
AUTHENTIK_EMAIL__PORT: 587 AUTHENTIK_EMAIL__PORT: 587
AUTHENTIK_EMAIL__USERNAME: lukas@kucharczyk.xyz AUTHENTIK_EMAIL__USERNAME: lukas@kucharczyk.xyz
@@ -828,20 +844,27 @@ services:
networks: networks:
public: public:
ipv4_address: 192.168.240.62 ipv4_address: 192.168.240.62
secrets:
- authentik_secret_key
- email_host
- email_username
- email_password
- postgres_general_username
- postgres_general_password
environment: environment:
AUTHENTIK_POSTGRESQL__HOST: postgres AUTHENTIK_POSTGRESQL__HOST: postgres
AUTHENTIK_POSTGRESQL__NAME: authentik AUTHENTIK_POSTGRESQL__NAME: authentik
AUTHENTIK_POSTGRESQL__PASSWORD: ${POSTGRES_PASSWORD} AUTHENTIK_POSTGRESQL__PASSWORD: file:///run/secrets/postgres_general_password
AUTHENTIK_POSTGRESQL__USER: lukas AUTHENTIK_POSTGRESQL__USER: file:///run/secrets/postgres_general_username
AUTHENTIK_SECRET_KEY: WH6M+8rmyMw4BPszIf9bKGInZVcm6Lmce83C9hdG8t4ZeIKi AUTHENTIK_SECRET_KEY: file:///run/secrets/authentik_secret_key
AUTHENTIK_EMAIL__HOST: smtp.protonmail.ch AUTHENTIK_EMAIL__HOST: file:///run/secrets/email_host
AUTHENTIK_EMAIL__PORT: 587 AUTHENTIK_EMAIL__PORT: 587
AUTHENTIK_EMAIL__USERNAME: lukas@kucharczyk.xyz AUTHENTIK_EMAIL__USERNAME: file:///run/secrets/email_username
AUTHENTIK_EMAIL__PASSWORD: CQHMWAUWQG5FBJ2V AUTHENTIK_EMAIL__PASSWORD: file:///run/secrets/email_password
AUTHENTIK_EMAIL__USE_TLS: true AUTHENTIK_EMAIL__USE_TLS: true
AUTHENTIK_EMAIL__USE_SSL: false AUTHENTIK_EMAIL__USE_SSL: false
AUTHENTIK_EMAIL__TIMEOUT: 60 AUTHENTIK_EMAIL__TIMEOUT: 60
AUTHENTIK_EMAIL__FROM: lukas@kucharczyk.xyz AUTHENTIK_EMAIL__FROM: file:///run/secrets/email_username
image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0} image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.10.0}
restart: unless-stopped restart: unless-stopped
user: root user: root
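Review bot: The literal values this commit removes from `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_EMAIL__PASSWORD` remain readable in the repository history, so the move to file-backed secrets only helps once both are rotated and the new values live solely in the `secrets/` files. In the first service block (hunk at -791) the e-mail settings are still inline and the `email_*` secrets are not mounted, unlike the second block; for consistency add `email_host`, `email_username` and `email_password` to its `secrets:` list and use `AUTHENTIK_EMAIL__HOST: file:///run/secrets/email_host` and `AUTHENTIK_EMAIL__USERNAME: file:///run/secrets/email_username`. That block's environment continues below the hunk, so any `AUTHENTIK_EMAIL__PASSWORD` line there is presumably still a literal and needs the same treatment. It is also worth confirming that `secrets/` is excluded from version control and readable only by the deploying user.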