Erich Blume
cbf08a7bde
Both prerequisites for deploy-authentik are now satisfied: - CNPG managed role + ExternalSecret for authentik DB user - 1Password item "Authentik (blumeops)" with all required fields - Database created and cross-cluster connectivity verified Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
32 lines
1.2 KiB
Markdown
32 lines
1.2 KiB
Markdown
---
|
|
title: Create Authentik Secrets
|
|
modified: 2026-02-20
|
|
tags:
|
|
- how-to
|
|
- authentik
|
|
- secrets
|
|
---
|
|
|
|
# Create Authentik Secrets
|
|
|
|
Create the 1Password item that the ExternalSecret references for Authentik configuration.
|
|
|
|
## What Was Done
|
|
|
|
1. Created 1Password item "Authentik (blumeops)" in vault `blumeops` (category: database) with fields:
|
|
- `secret-key`: random 68-character base64 string (for `AUTHENTIK_SECRET_KEY`)
|
|
- `postgresql-host`: `pg.ops.eblu.me`
|
|
- `postgresql-port`: `5432`
|
|
- `postgresql-name`: `authentik`
|
|
- `postgresql-user`: `authentik`
|
|
- `postgresql-password`: random 44-character base64 string
|
|
2. ExternalSecret `blumeops-pg-authentik` in databases namespace resolves successfully (verified during [[provision-authentik-database]])
|
|
|
|
## Notes
|
|
|
|
- The database password in this 1Password item is the same one used by the CNPG managed role via `external-secret-authentik.yaml`. Both the database ExternalSecret and the future Authentik deployment ExternalSecret reference the same 1Password item but different fields.
|
|
|
|
## Related
|
|
|
|
- [[deploy-authentik]] — Parent goal
|
|
- [[provision-authentik-database]] — Database provisioning (uses `postgresql-password` field)
|