diff --git a/helm/templates/api/api-configmap.yaml b/helm/templates/api/api-configmap.yaml index e5ebf6cae9..b403eae976 100644 --- a/helm/templates/api/api-configmap.yaml +++ b/helm/templates/api/api-configmap.yaml @@ -396,7 +396,16 @@ data: {{- end }} # Allows to define if cookie secure only (default false) cookie-secure: {{ .Values.api.jwt.cookie.secure | default false }} - + security: + defaultAdmin: {{ .Values.api.security.defaultAdmin | default true }} + accountAccessTokens: + encoder: + settings: + rounds: {{ .Values.api.security.accountTokenBcryptRounds | default 10 }} + {{- if .Values.api.security.providers }} + providers: + {{- toYaml .Values.api.security.providers | nindent 8 }} + {{- end}} {{- if .Values.userManagement }} user: {{ toYaml .Values.userManagement | indent 6 }} diff --git a/helm/values.yaml b/helm/values.yaml index e81c7a3711..553b702300 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -436,6 +436,30 @@ api: internalPortName: http # appProtocol: http # annotations: + security: + defaultAdmin: true + accountTokenBcryptRounds: 10 + providers: + - type: memory + enabled: false + ## Name of IdentityProvider + ## If missing the type will be used to create a generic name (ex: Memory users) + #name: + ## password encoding/hashing algorithm. One of: + ## - BCrypt : passwords are hashed with bcrypt (supports only $2a$ algorithm) + ## - none : passwords are not hashed/encrypted + #default value is BCrypt + password-encoding-algo: BCrypt + users: + - user: + username: admin + #email: + firstname: Administrator + lastname: Administrator + ## Passwords are encoded using BCrypt + ## Password value: adminadmin + password: $2a$10$NG5WLbspq8V1yJDzUKfUK.oum94qL/Ne3B5fQCgekw/Y4aOEaoFZq + role: ORGANIZATION_OWNER securityContext: runAsUser: 1001 runAsNonRoot: true