
Vault

Let's use HashiCorp Vault for storing the user secrets.

Vault is also used by Onyxia as the persistence layer for all saved configuration. If you don't have a Vault, all user settings are stored in the local storage.

Onyxia-web uses Vault as storage for two kinds of secrets:

  1. Secrets or information generated by Onyxia to store different values (UI preferences, for example)

  2. User secrets

Vault must be configured with the JWT or OIDC authentication method.

Because Vault needs to be initialized with a master key, it can't be directly configured with all parameters such as OIDC or access policies and roles. So, as a first step, we create a Vault in dev mode (do not use this in production; do your initialization with any of the recommended configurations: Shamir, GCP, another Vault).

helm repo add hashicorp https://helm.releases.hashicorp.com
 
DOMAIN=my-domain.net

cat << EOF > ./vault-values.yaml
server:
  dev:
    enabled: true
    # Set VAULT_DEV_ROOT_TOKEN_ID value
    devRootToken: "root"
  ingress:
    enabled: true
    annotations:
      kubernetes.io/ingress.class: nginx
    hosts:
      - host: "vault.lab.$DOMAIN"
    tls:
      - hosts:
          - vault.lab.$DOMAIN
EOF

helm install vault hashicorp/vault -f vault-values.yaml
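
A pre-deployment check for the dev-mode warning above, as an added example that is not part of the Onyxia documentation or the Vault chart: it walks the values file by indentation so that only `server.dev.*` is flagged, not `server.ingress.enabled`. The function name `vault_dev_findings` is hypothetical, and the parser assumes the plain block-style YAML used on this page.

```shell
#!/bin/sh
# Added example (not from the Onyxia docs): flag dev-mode settings in a Vault
# Helm values file. Handles the plain block-style YAML shown on this page only
# (space indentation, no anchors, no flow mappings).

# vault_dev_findings FILE  (hypothetical helper name)
# Prints one finding per line; returns 1 if any finding, 0 if the file is clean.
vault_dev_findings() {
  awk '
    BEGIN { depth = 0; bad = 0 }
    { sub(/[ \t]*#.*$/, "") }          # drop comments
    /^[ \t]*$/ { next }                 # skip blank lines
    {
      match($0, /^ */); indent = RLENGTH
      line = substr($0, indent + 1)
      key = line; sub(/:.*$/, "", key)
      val = line; sub(/^[^:]*:[ \t]*/, "", val); gsub(/"/, "", val)
      # Leave every mapping that is at the same or a deeper indentation.
      while (depth > 0 && ind[depth] >= indent) depth--
      depth++; ind[depth] = indent; name[depth] = key
      path = name[1]
      for (i = 2; i <= depth; i++) path = path "." name[i]
      if (path == "server.dev.enabled" && val == "true") {
        print "server.dev.enabled: true (in-memory, auto-unsealed dev server)"; bad = 1
      }
      if (path == "server.dev.devRootToken" && val != "") {
        print "server.dev.devRootToken: static root token in the values file"; bad = 1
      }
    }
    END { exit bad }
  ' "$1"
}

# Constructed sample: the dev-mode values from this page, trimmed.
sample=$(mktemp)
cat > "$sample" << 'EOF'
server:
  dev:
    enabled: true
    # Set VAULT_DEV_ROOT_TOKEN_ID value
    devRootToken: "root"
  ingress:
    enabled: true
EOF

if ! vault_dev_findings "$sample"; then
  echo "refusing to deploy: dev mode must not reach production" >&2
fi
rm -f "$sample"
```

Run as a CI step before `helm install` against a production cluster, the non-zero return stops the pipeline while the dev-mode block is still in the values file.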

Create a client called "vault"

  1. Root URL: https://vault.lab.my-domain.net/

  2. Valid redirect URIs: https://vault.lab.my-domain.net/*

  3. Web origins: *

Last updated 10 months ago

TODO: Refer to the legacy documentation.