Erich Blume cbf08a7bde Complete provision-authentik-database and create-authentik-secrets leaf nodes

Both prerequisites for deploy-authentik are now satisfied:
- CNPG managed role + ExternalSecret for authentik DB user
- 1Password item "Authentik (blumeops)" with all required fields
- Database created and cross-cluster connectivity verified

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-20 10:23:48 -08:00

1.2 KiB

Raw Blame History

title

modified

Create Authentik Secrets

Create the 1Password item that the ExternalSecret references for Authentik configuration.

What Was Done

Created 1Password item "Authentik (blumeops)" in vault blumeops (category: database) with fields:
- secret-key: random 68-character base64 string (for AUTHENTIK_SECRET_KEY)
- postgresql-host: pg.ops.eblu.me
- postgresql-port: 5432
- postgresql-name: authentik
- postgresql-user: authentik
- postgresql-password: random 44-character base64 string
ExternalSecret blumeops-pg-authentik in databases namespace resolves successfully (verified during provision-authentik-database)

Notes

The database password in this 1Password item is the same one used by the CNPG managed role via external-secret-authentik.yaml. Both the database ExternalSecret and the future Authentik deployment ExternalSecret reference the same 1Password item but different fields.

deploy-authentik — Parent goal
provision-authentik-database — Database provisioning (uses postgresql-password field)

1.2 KiB Raw Blame History

Create Authentik Secrets

What Was Done

Notes

Related

1.2 KiB

Raw Blame History