Erich Blume
b0023fef92
Mealie requires OIDC_CLIENT_SECRET even though its docs say "public client with PKCE". The token exchange happens server-side in Mealie's Python backend, so the secret never reaches the browser. - Generate client secret, store in 1Password - Add to Authentik external-secret and worker env - Switch blueprint from public to confidential - Add ExternalSecret for mealie namespace - Update docs to reflect confidential client Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| configmap-blueprint.yaml | ||
| deployment-redis.yaml | ||
| deployment-server.yaml | ||
| deployment-worker.yaml | ||
| external-secret.yaml | ||
| ingress-tailscale.yaml | ||
| kustomization.yaml | ||
| service-redis.yaml | ||
| service.yaml | ||