dex/examples/config-dev.yaml
Eric Chiang 015e7cf606 cmd/dex: only expand from env for storages and connectors
Bcrypt'd hashes have "$" characters in them. This means that #667
(accepting actually bcrypted values) combined with #627 (expanding
config with environment variables) broke the example config.

For now, allow storages and connectors to expand their configs from
the environment, but don't do this anywhere else.
2016-11-03 21:38:32 -07:00

68 lines
2 KiB
YAML

# The base path of dex and the external name of the OpenID Connect service.
# Clients use this value to do discovery.
issuer: http://127.0.0.1:5556/dex
# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
storage:
type: sqlite3
config:
file: examples/dex.db
# Configuration for the
web:
http: 127.0.0.1:5556
# HTTPS options are also supported:
# https: 127.0.0.1:5554
# tlsCert: /etc/dex/tls.crt
# tlsKey: /etc/dex/tls.key
# Uncomment this block to enable the gRPC API.
# grpc:
# addr: 127.0.0.1:5557
# tlsCert: /etc/dex/grpc.crt
# tlsKey: /etc/dex/grpc.key
# tlsClientCA: /etc/dex/client.crt
# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't choosen clients may be added through the gRPC API.
staticClients:
- id: example-app
redirectURIs:
- 'http://127.0.0.1:5555/callback'
name: 'Example App'
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
connectors:
- type: mockCallback
id: mock
name: Example
# - type: oidc
# id: google
# name: Google
# config:
# issuer: https://accounts.google.com
# # Config values starting with a "$" will read from the environment.
# clientID: $GOOGLE_CLIENT_ID
# clientSecret: $GOOGLE_CLIENT_SECRET
# redirectURI: http://127.0.0.1:5556/dex/callback/google
# Let dex keep a list of passwords which can be used to login the user
enablePasswordDB: true
# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't choosen users may be added through the gRPC API.
staticPasswords:
- email: "admin@example.com"
# bcrypt hash of the string "password"
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
username: "admin"
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
# signingKeys: "6h"
# idTokens: "24h"