openidconnect, not yet working

deployment/install.sh

@@ -8,11 +8,15 @@ kubectl create namespace $NAMESPACE \
   -o yaml | \
   kubectl -f - apply
 
-SECRETS_FILE=`mktemp`
-gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
-. $SECRETS_FILE
-rm $SECRETS_FILE
-# eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+if [ -f secrets.txt ]; then
+  . secrets.txt
+else
+  SECRETS_FILE=`mktemp`
+  gpg --decrypt --passphrase $GPG_PASSPHRASE --yes --batch --homedir /tmp/.gnupg --output $SECRETS_FILE secrets.asc
+  . $SECRETS_FILE
+  rm $SECRETS_FILE
+  # eval "`cat secrets.asc | /usr/local/bin/decrypt-secrets.sh`"
+fi
 
 kubectl create secret generic defectdojo-postgresql-specific \
   --dry-run=client \
@@ -28,6 +32,21 @@ kubectl create secret generic defectdojo-redis-specific \
   --from-literal=redis-password="" | \
   kubectl apply -f - -n $NAMESPACE
 
+kubectl create secret generic defectdojo-extrasecrets \
+  --dry-run=client \
+  -o yaml \
+  --save-config \
+  --from-literal=DD_SESSION_COOKIE_SECURE="True" \
+  --from-literal=DD_CSRF_COOKIE_SECURE="True" \
+  --from-literal=DD_SECURE_SSL_REDIRECT="True" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED="True" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY="$KEYCLOAK_PUBLIC_KEY" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_KEY="defectdojo" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/auth" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL="https://auth2.hottis.de/realms/hottis/protocol/openid-connect/token" \
+  --from-literal=DD_SOCIAL_AUTH_KEYCLOAK_SECRET="$OPENID_SECRET" | \
+  kubectl apply -f - -n $NAMESPACE
+
 
 helm repo add defectdojo 'https://raw.githubusercontent.com/DefectDojo/django-DefectDojo/helm-charts'
 helm repo update