HorizonStackSoftware/optima
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

fix tls and key secrets

Browse Source
This commit is contained in:
Jackson Roberts
2026-02-25 21:17:00 -06:00
parent 97b6c45bc0
commit 3779cdc379
4 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
kubernetes/deployment.yaml
+2
View File
@@ -20,6 +20,8 @@ spec:
envFrom: envFrom:
- secretRef: - secretRef:
name: api-env-secret name: api-env-secret
- secretRef:
name: optima-keys-secret
ports: ports:
- containerPort: 3000 - containerPort: 3000
imagePullSecrets: imagePullSecrets:
kubernetes/ingress.yaml
+2 -1
View File
@@ -4,7 +4,8 @@ metadata:
name: optima-api-ingress name: optima-api-ingress
namespace: optima namespace: optima
annotations: annotations:
ingress.kubernetes.io/ssl-redirect: "false" traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
spec: spec:
tls: tls:
- secretName: osdci-net-cert - secretName: osdci-net-cert
kubernetes/migration-job.yaml
+2
View File
@@ -16,6 +16,8 @@ spec:
envFrom: envFrom:
- secretRef: - secretRef:
name: api-env-secret name: api-env-secret
- secretRef:
name: optima-keys-secret
restartPolicy: Never restartPolicy: Never
imagePullSecrets: imagePullSecrets:
- name: github-container-registry - name: github-container-registry
src/constants.ts
+7 -5
View File
@@ -26,21 +26,23 @@ export const refreshTokenDuration = "30d";
const isProduction = process.env.NODE_ENV === "production"; const isProduction = process.env.NODE_ENV === "production";
const readKeyFile = (path: string) => readFileSync(path).toString();
export const accessTokenPrivateKey = isProduction export const accessTokenPrivateKey = isProduction
? process.env.ACCESS_TOKEN_PRIVATE_KEY! ? process.env.ACCESS_TOKEN_PRIVATE_KEY!
: readFileSync(`.accessToken.key`).toString(); : readKeyFile(`.accessToken.key`);
export const refreshTokenPrivateKey = isProduction export const refreshTokenPrivateKey = isProduction
? process.env.REFRESH_TOKEN_PRIVATE_KEY! ? process.env.REFRESH_TOKEN_PRIVATE_KEY!
: readFileSync(`.refreshToken.key`).toString(); : readKeyFile(`.refreshToken.key`);
export const permissionsPrivateKey = isProduction export const permissionsPrivateKey = isProduction
? process.env.PERMISSIONS_PRIVATE_KEY! ? process.env.PERMISSIONS_PRIVATE_KEY!
: readFileSync(`.permissions.key`).toString(); : readKeyFile(`.permissions.key`);
export const secureValuesPrivateKey = isProduction export const secureValuesPrivateKey = isProduction
? process.env.SECURE_VALUES_PRIVATE_KEY! ? process.env.SECURE_VALUES_PRIVATE_KEY!
: readFileSync(`.secureValues.key`).toString(); : readKeyFile(`.secureValues.key`);
export const secureValuesPublicKey = isProduction export const secureValuesPublicKey = isProduction
? process.env.SECURE_VALUES_PUBLIC_KEY! ? process.env.SECURE_VALUES_PUBLIC_KEY!
: readFileSync(`public-keys/.secureValues.pub`).toString(); : readKeyFile(`public-keys/.secureValues.pub`);
// Microsoft Auth Constants // Microsoft Auth Constants
const msalConfig: msal.Configuration = { const msalConfig: msal.Configuration = {