dex/examples/config-dev.yaml

# The base path of dex and the external name of the OpenID Connect service.
# This is the canonical URL that all clients MUST use to refer to dex. If a
# path is provided, dex's HTTP service will listen at a non-root URL.
issuer: http://127.0.0.1:5556/dex

# The storage configuration determines where dex stores its state. Supported
# options include SQL flavors and Kubernetes third party resources.
#
# See the storage document at Documentation/storage.md for further information.
storage:
  type: sqlite3
  config:
    file: examples/dex.db

# Configuration for the HTTP endpoints.
web:
  http: 127.0.0.1:5556
  # Uncomment for HTTPS options.
  # https: 127.0.0.1:5554
  # tlsCert: /etc/dex/tls.crt
  # tlsKey: /etc/dex/tls.key

# Uncomment this block to enable the gRPC API. This values MUST be different
# from the HTTP endpoints.
# grpc:
#   addr: 127.0.0.1:5557
#   tlsCert: /etc/dex/grpc.crt
#   tlsKey: /etc/dex/grpc.key
#   tlsClientCA: /etc/dex/client.crt

# Uncomment this block to enable configuration for the expiration time durations.
# expiry:
#   signingKeys: "6h"
#   idTokens: "24h"

# Instead of reading from an external storage, use this list of clients.
#
# If this option isn't choosen clients may be added through the gRPC API.
staticClients:
- id: example-app
  redirectURIs:
  - 'http://127.0.0.1:5555/callback'
  name: 'Example App'
  secret: ZXhhbXBsZS1hcHAtc2VjcmV0

connectors:
- type: mockCallback
  id: mock
  name: Example
# - type: oidc
#   id: google
#   name: Google
#   config:
#     issuer: https://accounts.google.com
#     # Connector config values starting with a "$" will read from the environment.
#     clientID: $GOOGLE_CLIENT_ID
#     clientSecret: $GOOGLE_CLIENT_SECRET
#     redirectURI: http://127.0.0.1:5556/dex/callback

# Let dex keep a list of passwords which can be used to login to dex.
enablePasswordDB: true

# A static list of passwords to login the end user. By identifying here, dex
# won't look in its underlying storage for passwords.
#
# If this option isn't choosen users may be added through the gRPC API.
staticPasswords:
- email: "admin@example.com"
  # bcrypt hash of the string "password"
  hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"
  username: "admin"
  userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# The base path of dex and the external name of the OpenID Connect service.`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# This is the canonical URL that all clients MUST use to refer to dex. If a`
			`# path is provided, dex's HTTP service will listen at a non-root URL.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`issuer: http://127.0.0.1:5556/dex`

			`# The storage configuration determines where dex stores its state. Supported`
			`# options include SQL flavors and Kubernetes third party resources.`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`#`
			`# See the storage document at Documentation/storage.md for further information.`
*: load static clients from config file 2016-08-05 22:20:22 +05:30			`storage:`
*: add sql storage options to dex application 2016-10-04 01:16:49 +05:30			`type: sqlite3`
			`config:`
			`file: examples/dex.db`
*: load static clients from config file 2016-08-05 22:20:22 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Configuration for the HTTP endpoints.`
*: load static clients from config file 2016-08-05 22:20:22 +05:30			`web:`
			`http: 127.0.0.1:5556`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Uncomment for HTTPS options.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# https: 127.0.0.1:5554`
			`# tlsCert: /etc/dex/tls.crt`
			`# tlsKey: /etc/dex/tls.key`
*: load static clients from config file 2016-08-05 22:20:22 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Uncomment this block to enable the gRPC API. This values MUST be different`
			`# from the HTTP endpoints.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# grpc:`
			`# addr: 127.0.0.1:5557`
			`# tlsCert: /etc/dex/grpc.crt`
			`# tlsKey: /etc/dex/grpc.key`
cmd/dex: add option for gRPC client auth CA. 2016-11-03 02:37:05 +05:30			`# tlsClientCA: /etc/dex/client.crt`
*: load static clients from config file 2016-08-05 22:20:22 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Uncomment this block to enable configuration for the expiration time durations.`
			`# expiry:`
			`# signingKeys: "6h"`
			`# idTokens: "24h"`

*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`# Instead of reading from an external storage, use this list of clients.`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`#`
			`# If this option isn't choosen clients may be added through the gRPC API.`
*: load static clients from config file 2016-08-05 22:20:22 +05:30			`staticClients:`
			`- id: example-app`
			`redirectURIs:`
			`- 'http://127.0.0.1:5555/callback'`
			`name: 'Example App'`
			`secret: ZXhhbXBsZS1hcHAtc2VjcmV0`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`connectors:`
			`- type: mockCallback`
			`id: mock`
			`name: Example`
*: expand environment variables in config Allow users to define config values which are read form environemnt variables. Helpful for sensitive variables such as OAuth2 client IDs or LDAP credentials. 2016-10-23 02:06:31 +05:30			`# - type: oidc`
			`# id: google`
			`# name: Google`
			`# config:`
			`# issuer: https://accounts.google.com`
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# # Connector config values starting with a "$" will read from the environment.`
*: expand environment variables in config Allow users to define config values which are read form environemnt variables. Helpful for sensitive variables such as OAuth2 client IDs or LDAP credentials. 2016-10-23 02:06:31 +05:30			`# clientID: $GOOGLE_CLIENT_ID`
			`# clientSecret: $GOOGLE_CLIENT_SECRET`
Fix Google OIDC callback url 2016-11-21 23:55:16 +05:30			`# redirectURI: http://127.0.0.1:5556/dex/callback`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30
*: readme updates for v2 2016-11-09 01:21:59 +05:30			`# Let dex keep a list of passwords which can be used to login to dex.`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`enablePasswordDB: true`

			`# A static list of passwords to login the end user. By identifying here, dex`
*: add more comments to the example config 2016-10-14 21:28:57 +05:30			`# won't look in its underlying storage for passwords.`
			`#`
			`# If this option isn't choosen users may be added through the gRPC API.`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`staticPasswords:`
			`- email: "admin@example.com"`
			`# bcrypt hash of the string "password"`
cmd/dex: only expand from env for storages and connectors Bcrypt'd hashes have "$" characters in them. This means that #667 (accepting actually bcrypted values) combined with #627 (expanding config with environment variables) broke the example config. For now, allow storages and connectors to expand their configs from the environment, but don't do this anywhere else. 2016-11-04 09:38:50 +05:30			`hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W"`
*: add the ability to define passwords statically 2016-10-06 05:20:02 +05:30			`username: "admin"`
			`userID: "08a8684b-db88-4b73-90a9-3cd1661f5466"`