Implement S3 media storage for Authentik by adding configuration options for dedicated S3 bucket and credentials. Update README and default values to clarify usage and requirements for S3 integration, ensuring compatibility with Velero settings. Enhance Ansible tasks to load S3 configurations from the environment.

2026-05-14 20:07:52 -04:00
parent 57a149b3d2
commit e48b19b64c
8 changed files with 186 additions and 24 deletions
--- a/.env.sample
+++ b/.env.sample
@@ -30,3 +30,11 @@ NOBLE_AUTHENTIK_CLIENT_SECRET_HEADLAMP=
 NOBLE_AUTHENTIK_CLIENT_SECRET_OAUTH2_PROXY=
 # Random secret for oauth2-proxy session cookie (see oauth2-proxy Helm chart docs; e.g. openssl rand -base64 32 | head -c 32 | base64)
 NOBLE_AUTHENTIK_OAUTH2_PROXY_COOKIE_SECRET=
+# S3 media — **separate** bucket from Velero backups (**NOBLE_VELERO_S3_BUCKET**). Endpoint and keys default to the Velero vars above unless you set the Authentik-specific overrides.
+NOBLE_AUTHENTIK_MEDIA_S3_BUCKET=
+# Optional overrides (otherwise **NOBLE_VELERO_S3_URL** and Velero AWS keys are used):
+# NOBLE_AUTHENTIK_S3_URL=
+# NOBLE_AUTHENTIK_S3_ACCESS_KEY=
+# NOBLE_AUTHENTIK_S3_SECRET_KEY=
+# NOBLE_AUTHENTIK_S3_REGION=
+# NOBLE_AUTHENTIK_S3_ADDRESSING_STYLE=