move SSO client secret to Docker secret, gate SSO entrypoint on SSO_ENABLED

2026-03-01 02:48:46 +00:00
parent bd2488ffea
commit b8f074e0a7
5 changed files with 21 additions and 11 deletions
--- a/sso.js.tmpl
+++ b/sso.js.tmpl
@ -12,7 +12,7 @@ module.exports = {
            type: "oidc",
            url: "{{ env "SSO_OIDC_URL" }}",
            client_id: "{{ env "SSO_CLIENT_ID" }}",
-            client_secret: "{{ env "SSO_CLIENT_SECRET" }}",
+            client_secret: "{{ secret "sso_client_s" }}",
            id_token_alg: "{{ env "SSO_JWT_ALG" }}",
            use_pkce: true,
            use_nonce: true