smtp config

smtp
2026-04-16 15:13:18 +02:00 · 2026-04-16 10:42:35 +02:00
6 changed files with 42 additions and 426 deletions
--- a/docs/DEVELOPER-GUIDE.md
+++ b/docs/DEVELOPER-GUIDE.md
@@ -9,7 +9,6 @@
 - [Updating an Existing Application](#updating-an-existing-application)
 - [Working with Secrets](#working-with-secrets)
 - [Enabling Authentication for Applications](#enabling-authentication-for-applications)
 - [Adding a New Keycloak Client](#adding-a-new-keycloak-client)
 - [Troubleshooting](#troubleshooting)
 - [Best Practices](#best-practices)
@@ -1248,142 +1247,6 @@ kubectl logs -n myapp <pod-name> -c authn
 ---
 ## Adding a New Keycloak Client
 When you need an application to authenticate via Keycloak (OIDC), you can add a client definition to the realm config. The secret syncer automatically extracts the Keycloak-generated client secret into a Kubernetes Secret that your application can reference — no manual secret management needed.
 ### How It Works
 1. You define a client in `forte-realm.json` (inside `keycloak-values.yaml`) **without** a `secret` field
 2. Keycloak auto-generates a cryptographically strong secret on first creation
 3. An ArgoCD **PostSync Job** (`keycloak-secret-syncer`) runs after each Keycloak sync:
   - Authenticates to the Keycloak Admin API
   - Finds clients with `k8s.secret.sync: "true"` in their attributes
   - Extracts the auto-generated secret for each client
   - Creates/updates a K8s Secret in the target namespace with `client-id` and `client-secret` keys
 4. Your application references the syncer-created Secret
 ### Step 1: Add Client to Realm Config
 In `infra/values/keycloak-values.yaml`, add a new entry to the `clients` array in `forte-realm.json`:
 ```json
 {
  "clientId": "myapp",
  "name": "My Application",
  "enabled": true,
  "protocol": "openid-connect",
  "clientAuthenticatorType": "client-secret",
  "standardFlowEnabled": true,
  "directAccessGrantsEnabled": false,
  "publicClient": false,
  "redirectUris": ["https://myapp.forteapps.net/*"],
  "webOrigins": ["https://myapp.forteapps.net"],
  "defaultClientScopes": ["openid", "email", "profile"],
  "attributes": {
    "k8s.secret.sync": "true",
    "k8s.secret.namespace": "myapp",
    "k8s.secret.name": "myapp-oidc-credentials",
    "k8s.secret.client-id-key": "key",
    "k8s.secret.client-secret-key": "secret"
  }
 }
 ```
 **Important**:
 - Do **NOT** include a `"secret"` field — Keycloak generates one automatically
 - The `attributes` block tells the syncer where to create the K8s Secret
 - The target namespace must exist before the syncer runs (ArgoCD creates it via `CreateNamespace=true`)
 - Set `client-id-key` / `client-secret-key` to match what the consuming app expects (defaults: `client-id` / `client-secret`)
 ### Step 2: Reference the Secret in Your Application
 In your application's Helm values, reference the syncer-created secret:
 ```yaml
 # In helm-values/myapp/values.yaml (or inline in values file)
 # The secret will have keys: client-id, client-secret
 existingSecret: myapp-oidc-credentials
 key: client-secret
 ```
 For Gitea-style oauth config:
 ```yaml
 oauth:
 - name: "Forte"
  provider: "openidConnect"
  existingSecret: myapp-oidc-credentials
  key: client-secret
  autoDiscoverUrl: "https://id.forteapps.net/realms/forte/.well-known/openid-configuration"
 ```
 ### Step 3: Commit and Push
 ```bash
 cd ~/dev/k8s/launchpad
 git add infra/values/keycloak-values.yaml
 git commit -m "Add myapp Keycloak client with auto-sync"
 git push
 ```
 ArgoCD will:
 1. Sync the Keycloak config (keycloakConfigCli creates the client)
 2. Run the PostSync syncer Job
 3. The syncer creates `myapp-oidc-credentials` in the `myapp` namespace
 ### Step 4: Verify
 ```bash
 # Check the syncer job ran successfully
 kubectl get jobs -n keycloak
 kubectl logs -n keycloak job/keycloak-secret-syncer
 # Verify the secret was created
 kubectl get secret myapp-oidc-credentials -n myapp -o yaml
 # Check the secret has the expected keys
 kubectl get secret myapp-oidc-credentials -n myapp -o jsonpath='{.data.client-id}' | base64 -d
 kubectl get secret myapp-oidc-credentials -n myapp -o jsonpath='{.data.client-secret}' | base64 -d
 ```
 ### Sync Attribute Reference
 | Attribute | Required | Default | Description |
 |-----------|----------|---------|-------------|
 | `k8s.secret.sync` | Yes | — | Set to `"true"` to enable syncing |
 | `k8s.secret.namespace` | Yes | — | Target K8s namespace for the secret |
 | `k8s.secret.name` | Yes | — | Name of the K8s Secret to create |
 | `k8s.secret.client-id-key` | No | `client-id` | Field name for the client ID in the K8s Secret |
 | `k8s.secret.client-secret-key` | No | `client-secret` | Field name for the client secret in the K8s Secret |
 **Note on key names:** Different applications expect different field names. For example, the Gitea Helm chart expects `key` and `secret`, while a generic OIDC consumer might expect `client-id` and `client-secret`. Use the optional key attributes to match what the consuming application expects.
 ### Retrieving Secrets for External Deployments
 The syncer always writes a **central copy** of every synced secret to the `secrets` namespace, in addition to the target namespace. This allows operators to retrieve client credentials for applications deployed outside this cluster:
 ```bash
 # View the central copy
 kubectl get secret gitea-oidc-credentials -n secrets -o yaml
 # Extract the client secret for use elsewhere
 kubectl get secret myapp-oidc-credentials -n secrets \
  -o jsonpath='{.data.client-secret}' | base64 -d
 ```
 This is useful when an application runs on a separate cluster or external infrastructure and needs the Keycloak-generated OIDC credentials provisioned manually (e.g., via a SealedSecret on the remote side).
 ### Syncer Behavior Notes
 - The syncer runs as an ArgoCD **PostSync hook** — it executes after all Keycloak resources are healthy
 - `BeforeHookCreation` delete policy ensures old Job is cleaned up before each run
 - If the target namespace doesn't exist, the target write is skipped with a warning (the central copy still happens)
 - A central copy is **always** written to the `secrets` namespace for every synced client
 - The syncer uses the `keycloak-credentials` secret for admin authentication
 - Created secrets have the label `app.kubernetes.io/managed-by: keycloak-secret-syncer`
 ---
 ## Troubleshooting
 ### Application Not Deploying
@@ -1716,4 +1579,4 @@ Now that you understand the basics:
 - Docs: [Full documentation index](README.md)
 - Help: Contact platform team
-**Last Updated**: 2026-04-16
+**Last Updated**: 2026-03-16
--- a/docs/REFERENCE.md
+++ b/docs/REFERENCE.md
@@ -869,67 +869,6 @@ dind:
 - Gitea admin panel (`/admin/runners`) — runners show as Online
 - Create test workflow in `.gitea/workflows/test.yml` — job executes
 ### Keycloak Secret Syncer
 **Type**: ArgoCD PostSync Job (deployed via Keycloak Helm chart `extraDeploy`)
 **Namespace**: `keycloak`
 **Purpose**: Automatically extracts Keycloak-generated client secrets and syncs them into Kubernetes Secrets in target namespaces. Eliminates the need to manually manage OIDC client secrets.
 **How It Works**:
 1. Runs as an ArgoCD PostSync hook after Keycloak resources are healthy
 2. Authenticates to Keycloak Admin API using admin credentials from `keycloak-credentials` secret
 3. Queries all clients in the `forte` realm
 4. Filters clients with `k8s.secret.sync: "true"` attribute
 5. For each matching client, retrieves the auto-generated secret via Keycloak Admin API
 6. Creates/updates a K8s Secret in the target namespace (from `k8s.secret.namespace` attribute)
 7. Always writes a central copy to the `secrets` namespace (for external deployment retrieval)
 **Resources**:
 - `ServiceAccount`: `keycloak-secret-syncer` (namespace: `keycloak`)
 - `ClusterRole`: `keycloak-secret-syncer` (secrets: get/create/update/patch; namespaces: get/list)
 - `ClusterRoleBinding`: `keycloak-secret-syncer`
 - `Job`: `keycloak-secret-syncer` (PostSync hook)
 **Client Attributes** (set in `forte-realm.json`):
 | Attribute | Required | Default | Description |
 |-----------|----------|---------|-------------|
 | `k8s.secret.sync` | Yes | — | Set to `"true"` to enable syncing |
 | `k8s.secret.namespace` | Yes | — | Target K8s namespace |
 | `k8s.secret.name` | Yes | — | Name of the K8s Secret |
 | `k8s.secret.client-id-key` | No | `client-id` | Field name for client ID in the Secret |
 | `k8s.secret.client-secret-key` | No | `client-secret` | Field name for client secret in the Secret |
 **Created Secret Format** (key names configurable via attributes):
 ```yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: <k8s.secret.name>
  namespace: <k8s.secret.namespace>
  labels:
    app.kubernetes.io/managed-by: keycloak-secret-syncer
 type: Opaque
 data:
  <client-id-key>: <base64-encoded client ID>
  <client-secret-key>: <base64-encoded client secret>
 ```
 **Verification**:
 ```bash
 # Check job status
 kubectl get jobs -n keycloak
 # View syncer logs
 kubectl logs -n keycloak job/keycloak-secret-syncer
 # Verify created secret
 kubectl get secret <name> -n <namespace> -o yaml
 ```
 **See**: [Developer Guide - Adding a New Keycloak Client](DEVELOPER-GUIDE.md#adding-a-new-keycloak-client)
 ### Renovate
 **Chart**: `renovate` (OCI: `ghcr.io/renovatebot/charts`)
@@ -1589,6 +1528,6 @@ team: platform
 ---
-**Last Updated**: 2026-04-16
+**Last Updated**: 2026-04-14
 **Maintained By**: Platform Team
 **Version**: 1.0.0
--- a/infra/keycloak.yaml
+++ b/infra/keycloak.yaml
@@ -40,9 +40,3 @@ spec:
    - CreateNamespace=true
    - Validate=true
    - ServerSideApply=true
  ignoreDifferences:
  - group: batch
    kind: Job
    jsonPointers:
    - /spec/template/spec/containers/0/args
--- a/infra/values/gitea-values.yaml
+++ b/infra/values/gitea-values.yaml
@@ -65,11 +65,30 @@ gitea:
      ISSUE_INDEXER_TYPE: bleve
      REPO_INDEXER_ENABLED: true
    mailer:
      ENABLED: true
      PROTOCOL: smtps
      SMTP_ADDR: smtp.office365.com
      SMTP_PORT: 587
      FROM: "noreply@fortedigital.com"
  # -- SMTP credentials injected from secret (USER and PASSWD)
  additionalConfigFromEnvs:
  - name: GITEA__mailer__USER
    valueFrom:
      secretKeyRef:
        name: gitea-smtp-secret
        key: username
  - name: GITEA__mailer__PASSWD
    valueFrom:
      secretKeyRef:
        name: gitea-smtp-secret
        key: password
  # -- OIDC authentication via Forte
  oauth:
  - name: "Forte"
    provider: "openidConnect"
-    existingSecret: gitea-oidc-credentials
+    existingSecret: gitea-credentials
    key: gitea
    autoDiscoverUrl: "https://id.forteapps.net/realms/forte/.well-known/openid-configuration"
    scopes: "openid email profile organization"
--- a/infra/values/keycloak-values.yaml
+++ b/infra/values/keycloak-values.yaml
@@ -72,19 +72,13 @@ keycloakConfigCli:
            "enabled": true,
            "protocol": "openid-connect",
            "clientAuthenticatorType": "client-secret",
            "secret": "382ed413580cb79d0f54813e5da87007b28fe766a8903d378b9e1c266405a784",
            "standardFlowEnabled": true,
            "directAccessGrantsEnabled": false,
            "publicClient": false,
            "redirectUris": ["https://git.forteapps.net/*"],
            "webOrigins": ["https://git.forteapps.net"],
            "defaultClientScopes": ["openid", "email", "profile"],
            "attributes": {
              "k8s.secret.sync": "true",
              "k8s.secret.namespace": "gitea",
              "k8s.secret.name": "gitea-oidc-credentials",
              "k8s.secret.client-id-key": "key",
              "k8s.secret.client-secret-key": "secret"
            },
            "protocolMappers": [
              {
                "name": "email_verified",
@@ -103,215 +97,3 @@ keycloakConfigCli:
          }
        ]
      }
 extraDeploy:
 # -- ServiceAccount for the secret syncer Job
 - apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: keycloak-secret-syncer
    namespace: keycloak
 # -- ClusterRole granting access to secrets and namespaces
 - apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: keycloak-secret-syncer
  rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "create", "update", "patch"]
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
 # -- ClusterRoleBinding for the syncer ServiceAccount
 - apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: keycloak-secret-syncer
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: keycloak-secret-syncer
  subjects:
  - kind: ServiceAccount
    name: keycloak-secret-syncer
    namespace: keycloak
 # -- PostSync Job: extracts Keycloak client secrets into K8s Secrets
 - apiVersion: batch/v1
  kind: Job
  metadata:
    name: keycloak-secret-syncer
    namespace: keycloak
    annotations:
      argocd.argoproj.io/hook: PostSync
      argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
  spec:
    backoffLimit: 3
    template:
      spec:
        serviceAccountName: keycloak-secret-syncer
        restartPolicy: Never
        containers:
        - name: syncer
          image: alpine:3.20
          command: ["/bin/sh", "-c"]
          args:
          - |
            set -e
            apk add --no-cache curl jq > /dev/null 2>&1
            KEYCLOAK_URL="http://keycloak:80"
            REALM="forte"
            # Read admin credentials from the keycloak-credentials secret
            ADMIN_USER="admin"
            ADMIN_PASS=$(cat /secrets/admin-password)
            # Authenticate to Keycloak Admin API
            echo "Authenticating to Keycloak..."
            TOKEN=$(curl -sf -X POST "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \
              -d "client_id=admin-cli" \
              -d "username=${ADMIN_USER}" \
              -d "password=${ADMIN_PASS}" \
              -d "grant_type=password" | jq -r '.access_token')
            if [ -z "$TOKEN" ] || [ "$TOKEN" = "null" ]; then
              echo "ERROR: Failed to authenticate to Keycloak"
              exit 1
            fi
            # Get all clients in the realm
            echo "Fetching clients from realm '${REALM}'..."
            CLIENTS=$(curl -sf -H "Authorization: Bearer ${TOKEN}" \
              "${KEYCLOAK_URL}/admin/realms/${REALM}/clients")
            # Filter clients with k8s.secret.sync=true
            SYNC_CLIENTS=$(echo "$CLIENTS" | jq -c '[.[] | select(.attributes["k8s.secret.sync"] == "true")]')
            COUNT=$(echo "$SYNC_CLIENTS" | jq 'length')
            echo "Found ${COUNT} client(s) with sync enabled"
            K8S_API="https://kubernetes.default.svc"
            SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
            CA_CERT="/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
            CENTRAL_NS="secrets"
            # Upsert a K8s Secret: try PUT (update), fall back to POST (create)
            upsert_secret() {
              local ns="$1" name="$2" manifest="$3"
              local code
              code=$(curl -sf -o /dev/null -w "%{http_code}" \
                --cacert "$CA_CERT" \
                -H "Authorization: Bearer ${SA_TOKEN}" \
                -H "Content-Type: application/json" \
                -X PUT -d "$manifest" \
                "${K8S_API}/api/v1/namespaces/${ns}/secrets/${name}")
              if [ "$code" = "200" ]; then
                echo "  Updated secret '${ns}/${name}'"
              elif [ "$code" = "404" ]; then
                code=$(curl -sf -o /dev/null -w "%{http_code}" \
                  --cacert "$CA_CERT" \
                  -H "Authorization: Bearer ${SA_TOKEN}" \
                  -H "Content-Type: application/json" \
                  -X POST -d "$manifest" \
                  "${K8S_API}/api/v1/namespaces/${ns}/secrets")
                if [ "$code" = "201" ]; then
                  echo "  Created secret '${ns}/${name}'"
                else
                  echo "  ERROR: Failed to create secret '${ns}/${name}' (HTTP ${code})"
                  return 1
                fi
              else
                echo "  ERROR: Failed to update secret '${ns}/${name}' (HTTP ${code})"
                return 1
              fi
            }
            # Build a Secret JSON manifest
            # Args: namespace, name, id-key, secret-key, b64-id, b64-secret
            build_manifest() {
              local ns="$1" name="$2" id_key="$3" secret_key="$4" b64_id="$5" b64_secret="$6"
              cat <<MANIFEST
            {
              "apiVersion": "v1",
              "kind": "Secret",
              "metadata": {
                "name": "${name}",
                "namespace": "${ns}",
                "labels": {
                  "app.kubernetes.io/managed-by": "keycloak-secret-syncer"
                }
              },
              "type": "Opaque",
              "data": {
                "${id_key}": "${b64_id}",
                "${secret_key}": "${b64_secret}"
              }
            }
            MANIFEST
            }
            echo "$SYNC_CLIENTS" | jq -c '.[]' | while read -r CLIENT; do
              CLIENT_ID=$(echo "$CLIENT" | jq -r '.clientId')
              CLIENT_UUID=$(echo "$CLIENT" | jq -r '.id')
              TARGET_NS=$(echo "$CLIENT" | jq -r '.attributes["k8s.secret.namespace"]')
              TARGET_NAME=$(echo "$CLIENT" | jq -r '.attributes["k8s.secret.name"]')
              # Configurable key names (defaults: client-id, client-secret)
              ID_KEY=$(echo "$CLIENT" | jq -r '.attributes["k8s.secret.client-id-key"] // "client-id"')
              SECRET_KEY=$(echo "$CLIENT" | jq -r '.attributes["k8s.secret.client-secret-key"] // "client-secret"')
              echo "Processing client '${CLIENT_ID}' -> secret '${TARGET_NS}/${TARGET_NAME}' (keys: ${ID_KEY}, ${SECRET_KEY})"
              # Get the client secret from Keycloak
              SECRET_VALUE=$(curl -sf -H "Authorization: Bearer ${TOKEN}" \
                "${KEYCLOAK_URL}/admin/realms/${REALM}/clients/${CLIENT_UUID}/client-secret" \
                | jq -r '.value')
              if [ -z "$SECRET_VALUE" ] || [ "$SECRET_VALUE" = "null" ]; then
                echo "  WARNING: No secret found for client '${CLIENT_ID}', skipping"
                continue
              fi
              B64_CLIENT_ID=$(printf '%s' "$CLIENT_ID" | base64 | tr -d '\n')
              B64_SECRET=$(printf '%s' "$SECRET_VALUE" | base64 | tr -d '\n')
              # 1. Write to target namespace (if it exists)
              NS_STATUS=$(curl -sf -o /dev/null -w "%{http_code}" \
                --cacert "$CA_CERT" \
                -H "Authorization: Bearer ${SA_TOKEN}" \
                "${K8S_API}/api/v1/namespaces/${TARGET_NS}")
              if [ "$NS_STATUS" = "200" ]; then
                MANIFEST=$(build_manifest "$TARGET_NS" "$TARGET_NAME" "$ID_KEY" "$SECRET_KEY" "$B64_CLIENT_ID" "$B64_SECRET")
                upsert_secret "$TARGET_NS" "$TARGET_NAME" "$MANIFEST" || exit 1
              else
                echo "  WARNING: Namespace '${TARGET_NS}' does not exist, skipping target"
              fi
              # 2. Always write a central copy to the secrets namespace
              CENTRAL_MANIFEST=$(build_manifest "$CENTRAL_NS" "$TARGET_NAME" "$ID_KEY" "$SECRET_KEY" "$B64_CLIENT_ID" "$B64_SECRET")
              upsert_secret "$CENTRAL_NS" "$TARGET_NAME" "$CENTRAL_MANIFEST" || exit 1
            done
            echo "Secret sync complete"
          volumeMounts:
          - name: keycloak-credentials
            mountPath: /secrets
            readOnly: true
          resources:
            requests:
              cpu: 50m
              memory: 64Mi
            limits:
              cpu: 200m
              memory: 128Mi
        volumes:
        - name: keycloak-credentials
          secret:
            secretName: keycloak-credentials
            items:
            - key: admin-password
              path: admin-password
--- a/secrets/gitea-smtp-secret-sealed.yaml
+++ b/secrets/gitea-smtp-secret-sealed.yaml
@@ -0,0 +1,19 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: gitea-smtp-secret
  namespace: gitea
 spec:
  encryptedData:
    password: AgBMuISQeA41mtBIOo686sND2EO12Jv7BIogL5G7xxt7wKfIk88dQrU74vs+fv3OtPce2Ra63QkR6po31M9fZkoiYba5yqJtEOc6em3y0ZxM/UzavbRvHwrvsWEYqmHBnkCUjcJijdGbSX+rHyGsXLfZO0gOjqXO379Zl1fzmV4p3F5REXFQm6HorVtWX/LOSRj9GDW76l6KgPR/A+CbtAx8Cq0m3D3fyiaVLEReP3uOgBOo70APHj9Yp56EcgOtVa1pEgCxR4ctXeS4t/EliWcHc/JT4TBdRBRDYPKLfME6FvJxjLjaSZcWxtJrJzCv3+vA5LlfObuHY31aSDRqYwO4VBCPhf3Aa6Z5UXgUnmAtJRhHa9pKSSjW48jgNb1jDPIkQn5XgB2/twJ+gX3inAkrTQ82JJ75Rz7XWC8KmYkOtkgXgU2buCa4nIfPeXOr5qvutyywxV1Ge1nK0fQYneQZVFXlHTbAQXBJMpVvJoJ+G3xGjm1904/iBGkVKmNrQwaABUsGBC6ZIHGOTa45GBqrg3ODU2Gr61SCYxv6m3pMU1msR7QYne0oqLCVD8mLDaeSeiQI4ZY9u4ddsVwM6l2BFrT6+3IQuYPBgOoodzDVlCgmA7hoekhpak9vZ0loSHaWDXdNt75SemAjsQfwCO5sSEkr+wbCJEQpXh5p38RMZKTuOh3nYEGQEx/MQNl3VD4FarK/zOJM9EO9IkqdM4LnqVo3zPX4KAPosS1PPKS8
    username: AgBF6MiaI1x2xQOUoF4NUh4MeFF64Db3vywcEO0FdJ0U9EirVFMsBSSiqJLy8ok43ha72s+/RLBNHiSSRKX1UMWwwCsfs+LQJNh9EetgHRxoyqkHiqRMX5V2acU2scdPE/FCFQFOYzAjweup+kP8xNu1WKuDtPBRiAgBNDfW59ihFi9TgOJQ2AnDHottjm5CNaWsbTOSgZrXqzCEChfHu5K0W9cty9ENHYqnYDfcm/zPLYeUPW0gVN5GJq3lPo9vZjM7T2JnwryjOkBaPCRCzHOpRF3bMrArFrjbUlH6gdI0APf4CzGLMMKol/jTMG2tLBseaNQHfbz6p1vFYExCL60gSN46fzh10zIWaIC2O+SgoLLOizkQZWf/v86cdRerBSl6PFmbRUO18XUQ4SyR/WPM71HD1jeLnUZjKtkOu+fqQKlv8kBSELHGqiURNYDnbmUA1LQpdNkDnMkRS+uzQ3XwWCSQBAn+u9wh69kg1oPVEN60Nc4KpNwFIg25aycGkP3cMklfl3/u9nr5KruwtJe+hl2ynSk8zeEFWWQrBki7+88CH9aWVW/GTA8Ho7Fz+gp4ZUdUA0WhH2LRAQIN945pvJIkHm/AYAhH6pZiXdBzYeguPY5VEf6hDVM1sa39aSZzs81cj0YHxbjR/BoBxbUAa9xW7JYH2rcIqXDhJB4zq2H++8e0eABsdQC3tMmE1eQA51d0yg8+2fX+CRkcvMCmI3VjS/mdirrtnctv
  template:
    metadata:
      creationTimestamp: null
      labels:
        allowedToBeCloned: "true"
      name: gitea-smtp-secret
      namespace: gitea
    type: Opaque
Author	SHA1	Message	Date
Danijel Simeunovic	4486279eab	smtp config	2026-04-16 15:13:18 +02:00
Danijel Simeunovic	88c29565b6	smtp	2026-04-16 10:42:35 +02:00