forked from mystiq/dex
a11db557b4
Allow users to define config values which are read form environemnt variables. Helpful for sensitive variables such as OAuth2 client IDs or LDAP credentials.
63 lines
1.8 KiB
YAML
63 lines
1.8 KiB
YAML
# The base path of dex and the external name of the OpenID Connect service.
|
|
# Clients use this value to do discovery.
|
|
issuer: http://127.0.0.1:5556/dex
|
|
|
|
# The storage configuration determines where dex stores its state. Supported
|
|
# options include SQL flavors and Kubernetes third party resources.
|
|
storage:
|
|
type: sqlite3
|
|
config:
|
|
file: examples/dex.db
|
|
|
|
# Configuration for the
|
|
web:
|
|
http: 127.0.0.1:5556
|
|
# HTTPS options are also supported:
|
|
# https: 127.0.0.1:5554
|
|
# tlsCert: /etc/dex/tls.crt
|
|
# tlsKey: /etc/dex/tls.key
|
|
|
|
# Uncomment this block to enable the gRPC API.
|
|
# grpc:
|
|
# addr: 127.0.0.1:5557
|
|
# tlsCert: /etc/dex/grpc.crt
|
|
# tlsKey: /etc/dex/grpc.key
|
|
|
|
# Instead of reading from an external storage, use this list of clients.
|
|
#
|
|
# If this option isn't choosen clients may be added through the gRPC API.
|
|
staticClients:
|
|
- id: example-app
|
|
redirectURIs:
|
|
- 'http://127.0.0.1:5555/callback'
|
|
name: 'Example App'
|
|
secret: ZXhhbXBsZS1hcHAtc2VjcmV0
|
|
|
|
connectors:
|
|
- type: mockCallback
|
|
id: mock
|
|
name: Example
|
|
# - type: oidc
|
|
# id: google
|
|
# name: Google
|
|
# config:
|
|
# issuer: https://accounts.google.com
|
|
# # Config values starting with a "$" will read from the environment.
|
|
# clientID: $GOOGLE_CLIENT_ID
|
|
# clientSecret: $GOOGLE_CLIENT_SECRET
|
|
# redirectURI: http://127.0.0.1:5556/dex/callback/google
|
|
|
|
# Let dex keep a list of passwords which can be used to login the user
|
|
enablePasswordDB: true
|
|
|
|
# A static list of passwords to login the end user. By identifying here, dex
|
|
# won't look in its underlying storage for passwords.
|
|
#
|
|
# If this option isn't choosen users may be added through the gRPC API.
|
|
staticPasswords:
|
|
- email: "admin@example.com"
|
|
# bcrypt hash of the string "password"
|
|
hash: "JDJhJDE0JDh4TnlVZ3pzSmVuQm4ySlRPT2QvbmVGcUlnQzF4TEFVRFA3VlpTVzhDNWlkLnFPcmNlYUJX"
|
|
username: "admin"
|
|
userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
|
|
|