From 629f487dbfb3748f8d314982c51037a032cf003f Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Tue, 7 Mar 2023 21:23:23 +0100 Subject: [PATCH] fix(authelia): prevent encryption key resets --- charts/enterprise/authelia/Chart.yaml | 6 +++--- charts/enterprise/authelia/templates/_secrets.tpl | 15 +++++---------- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/charts/enterprise/authelia/Chart.yaml b/charts/enterprise/authelia/Chart.yaml index f48592b99a9..85f6913b08c 100644 --- a/charts/enterprise/authelia/Chart.yaml +++ b/charts/enterprise/authelia/Chart.yaml @@ -3,11 +3,11 @@ appVersion: "4.37.5" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 12.2.20 + version: 12.2.24 - condition: redis.enabled name: redis repository: https://deps.truecharts.org - version: 6.0.11 + version: 6.0.14 deprecated: false description: Authelia is a Single Sign-On Multi-Factor portal for web apps home: https://truecharts.org/charts/enterprise/authelia @@ -36,7 +36,7 @@ sources: - https://github.com/authelia/chartrepo - https://github.com/authelia/authelia type: application -version: 15.0.5 +version: 15.0.7 annotations: truecharts.org/catagories: | - security diff --git a/charts/enterprise/authelia/templates/_secrets.tpl b/charts/enterprise/authelia/templates/_secrets.tpl index ca988f51579..0b408a1bc6a 100644 --- a/charts/enterprise/authelia/templates/_secrets.tpl +++ b/charts/enterprise/authelia/templates/_secrets.tpl @@ -9,14 +9,9 @@ enabled: true data: {{- if $autheliaprevious }} - SESSION_ENCRYPTION_KEY: {{ index $autheliaprevious.data "SESSION_ENCRYPTION_KEY" }} - JWT_TOKEN: {{ index $autheliaprevious.data "JWT_TOKEN" }} - {{- if ( hasKey $autheliaprevious.data "ENCRYPTION_KEY" ) }} - ENCRYPTION_KEY: {{ index $autheliaprevious.data "ENCRYPTION_KEY" }} - {{- else }} - {{- $encryptionkey := randAlphaNum 100 }} - ENCRYPTION_KEY: {{ $encryptionkey }} - {{- end }} + SESSION_ENCRYPTION_KEY: {{ index $autheliaprevious.data "SESSION_ENCRYPTION_KEY" | b64dec }} + JWT_TOKEN: {{ index $autheliaprevious.data "JWT_TOKEN" | b64dec }} + ENCRYPTION_KEY: {{ index $autheliaprevious.data "ENCRYPTION_KEY" | b64dec }} {{- else }} {{- $jwtsecret := randAlphaNum 50 }} {{- $sessionsecret := randAlphaNum 50 }} @@ -47,8 +42,8 @@ data: {{- if $autheliaprevious }} {{- if and ( hasKey $autheliaprevious.data "OIDC_PRIVATE_KEY" ) ( hasKey $autheliaprevious.data "OIDC_HMAC_SECRET" ) }} - OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY" }} - OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" }} + OIDC_PRIVATE_KEY: {{ index $autheliaprevious.data "OIDC_PRIVATE_KEY" | b64dec }} + OIDC_HMAC_SECRET: {{ index $autheliaprevious.data "OIDC_HMAC_SECRET" | b64dec }} {{- else }} {{- $oidckey := genPrivateKey "rsa" }} {{- $oidcsecret := randAlphaNum 32 }}