From fdb7fe0bfaef507f558cecd87dcae98c269aaf4f Mon Sep 17 00:00:00 2001
From: Erich Blume <blume.erich@gmail.com>
Date: Sun, 22 Feb 2026 09:10:39 -0800
Subject: [PATCH] Review create-authentik-secrets doc: note additional OIDC
 fields

The 1Password item has grown since this card was written with OIDC
client secrets and an API token from subsequent service integrations.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docs/how-to/authentik/create-authentik-secrets.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/how-to/authentik/create-authentik-secrets.md b/docs/how-to/authentik/create-authentik-secrets.md
index be9ed34..1e6e07d 100644
--- a/docs/how-to/authentik/create-authentik-secrets.md
+++ b/docs/how-to/authentik/create-authentik-secrets.md
@@ -1,6 +1,7 @@
 ---
 title: Create Authentik Secrets
-modified: 2026-02-20
+modified: 2026-02-22
+last-reviewed: 2026-02-22
 tags:
   - how-to
   - authentik
@@ -25,6 +26,7 @@ Create the 1Password item that the ExternalSecret references for Authentik confi
 ## Notes
 
 - The database password in this 1Password item is the same one used by the CNPG managed role via `external-secret-authentik.yaml`. Both the database ExternalSecret and the future Authentik deployment ExternalSecret reference the same 1Password item but different fields.
+- The 1Password item has since grown with OIDC client secrets (`grafana-client-secret`, `forgejo-client-secret`, `zot-client-secret`, `jellyfin-client-secret`) and an `api-token` field, added during subsequent service integrations.
 
 ## Related