Configure OpenID via environment

I am currently struggling to configure OpenID using environment variables.

Here’s what I tried:

VIKUNJA_AUTH_OPENID_PROVIDERS: KEYCLOAK
VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_NAME: KeyCloak
VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_AUTHURL: ...
VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_CLIENTID: vikunja
VIKUNJA_AUTH_OPENID_PROVIDERS_KEYCLOAK_CLIENTSECRET: ...

This however causes the backend to panic with
interface conversion: interface {} is string, not []interface {}

Can someone show me how this should be properly configured?

Configuring openid via env variables is currently not supported. You’ll need to use a config file for that. It is possible to use both env and config files at the same time, that way you could put only the openid config in the config file and use env variables for the rest.

Thanks for the reply. Any plans on implementing this? It would be handy to have for docker-compose deployments.

I think this would make sense, but would be a breaking change. As such, I don’t plan to implement it in the near future but added it to the backlog.

Just one follow-up question: is it possible to expand environment variables in the config file? The point is that I don’t want to put the openid clientsecret into the config file (I’m using a docker-compose setup with all files but .env in git).

Like this:

auth:
  local:
    enabled: false
  openid:
    enabled: true
    providers:
      - name: "KeyCloak"
        authurl: "https://auth..."
        clientid: "vikunja"
        clientsecret: $OPENID_SECRET

and then passing OPENID_SECRET via environment?

Right now that won’t work.

I am hitting the exact same issue :confused: wouldn’t it be possible to simply add an extra environment variable for the meantime?

Either way, the documentation should reflect the current state, it says:

You can […] set all config option with environment variables.

It should at least be mentioned at Config options | Vikunja

I’ve added a notice to the doc you mentioned.

I would also be interested in this.
In NixOS, the config file will be world-readable in the nix store. Using environment variables is the only secure way of passing those secrets to the service.

I’m also interested. I also installed Vikunja with NixOS and the client secret is world-readable.
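
Since the config file cannot expand environment variables, one workaround for the docker-compose and NixOS cases raised in this thread is to render the file from a git-tracked template when the service starts. This is an added example, not from the thread or the Vikunja project; the function name, the file paths and the `--render` argument are assumptions, and the template is expected to carry the unquoted `$OPENID_SECRET` placeholder as in the YAML posted above.

```shell
#!/bin/sh
# Added example (not Vikunja code). Replaces the literal, unquoted token
# $OPENID_SECRET in a template with the value of the OPENID_SECRET environment
# variable, written as a YAML double-quoted string, into an owner-only file.

render_config() {
    template=$1
    out=$2
    # Refuse to produce a config with an empty client secret.
    if [ -z "${OPENID_SECRET:-}" ]; then
        echo "render_config: OPENID_SECRET is not set" >&2
        return 1
    fi
    (
        umask 077                 # new files get mode 0600, not world readable
        rm -f "$out.tmp"
        # awk reads the secret from ENVIRON, so it never appears in argv and
        # characters such as & or \ are copied without interpretation.
        awk '
            function yaml_quote(s,    i, c, q) {
                q = "\""
                for (i = 1; i <= length(s); i++) {
                    c = substr(s, i, 1)
                    if (c == "\\" || c == "\"") q = q "\\"
                    q = q c
                }
                return q "\""
            }
            BEGIN { token = "$OPENID_SECRET"; value = yaml_quote(ENVIRON["OPENID_SECRET"]) }
            {
                line = $0; head = ""
                while ((i = index(line, token)) > 0) {
                    head = head substr(line, 1, i - 1) value
                    line = substr(line, i + length(token))
                }
                print head line
            }
        ' "$template" > "$out.tmp" && mv "$out.tmp" "$out"
    )
}

# Hypothetical entrypoint use: sh render.sh --render config.yml.tmpl /run/vikunja/config.yml
if [ "${1:-}" = "--render" ]; then
    render_config "$2" "$3"
fi
```

Run it before the service starts and point Vikunja at the rendered file; the template with the placeholder can stay in git while the secret comes from `.env` or the service environment.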