Add introspection_request_headers based on secret

[PeteMac88]

Hey there,
we are using oathkeeper together with keycloak in kubernetes. We are following the gitops process and hold all our helm file configuration in github repos.

In order to access the introspect we need to add a base64 encoded Authorization header through the introspection_request_headers configuration. Problem here is that I need to add the base64 string as plain text in the oathkeeper access-rule config in the helm values which is kind of ugly and unsecure. Is there a way to set specifi configuration which normally requieres secret values through environment or k8s secrets?

[vinckr]

Hey Pete,
sorry for the late answer.
Not an expert on k8s and configuration, you can load the config files from another source with the -c path/to/config.yaml flag.
@Demonsthere: maybe you know a better solution here?

[Demonsthere]

Hi there!
I think that was you're trying to achieve is possible within our charts. Oathkeeper allows you to define extraEnvs, so you could just add it like

    extraEnv:
      - name: AUTHENTICATORS_OAUTH2_INTROSPECTION_CONFIG_INTROSPECTION_REQUEST_HEADERS
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: mykey

[vinckr]

Hey @PeteMac88,
I will mark this as answered for now, but feel free to come back to this discussion if you have anything to add.