36 lines
1.6 KiB
Plaintext
36 lines
1.6 KiB
Plaintext
# TEMPLATE — do NOT commit a filled-in copy. Generate the real secret
|
|
# via scripts/generate-secrets.sh and apply once out-of-band:
|
|
#
|
|
# ./scripts/generate-secrets.sh > infra/k3s/20-secrets.yaml
|
|
# kubectl apply -f infra/k3s/20-secrets.yaml
|
|
#
|
|
# Component passwords are only used cluster-internally between
|
|
# prosody/jicofo/jvb — clients (browsers) never see them.
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: jitsi-secrets
|
|
namespace: jitsi
|
|
type: Opaque
|
|
stringData:
|
|
# Inter-component passwords — generate fresh via generate-secrets.sh
|
|
JICOFO_COMPONENT_SECRET: "REPLACE_WITH_32_RANDOM_CHARS"
|
|
JICOFO_AUTH_USER: "focus"
|
|
JICOFO_AUTH_PASSWORD: "REPLACE_WITH_32_RANDOM_CHARS"
|
|
JVB_AUTH_USER: "jvb"
|
|
JVB_AUTH_PASSWORD: "REPLACE_WITH_32_RANDOM_CHARS"
|
|
# HMAC key shared with Embertime — must match app_settings.meeting_jwt_secret
|
|
# in Embertime's DB. Get it from the Embertime UI (Settings → Meeting-Server
|
|
# → "Secret rotieren") OR query the DB directly with:
|
|
# kubectl -n embertime exec -it deploy/embertime-postgres -- \
|
|
# psql -U embertime -t -c "select meeting_jwt_secret from app_settings"
|
|
JWT_APP_SECRET: "REPLACE_WITH_VALUE_FROM_EMBERTIME"
|
|
# HMAC secret shared between coturn and Prosody. Prosody mints
|
|
# time-limited TURN credentials; coturn validates with the same key.
|
|
# Set under BOTH key names — same value:
|
|
# - TURN_CREDENTIALS (Prosody mod_external_services convention)
|
|
# - TURN_CREDENTIALS_SECRET (coturn / our manifest convention)
|
|
# generate-secrets.sh writes both for you.
|
|
TURN_CREDENTIALS: "REPLACE_WITH_32_RANDOM_CHARS"
|
|
TURN_CREDENTIALS_SECRET: "REPLACE_WITH_32_RANDOM_CHARS"
|