feat: add support for Yubikey OTP authentication

Signed-off-by: Lester Guerzon <[email protected]>
guerzon · Dec 22, 2023 · 2cac470 · 2cac470
1 parent 358c4b1
commit 2cac470
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/charts/vaultwarden/Chart.yaml b/charts/vaultwarden/Chart.yaml
@@ -13,5 +13,5 @@ maintainers:
   - name: guerzon
     email: [email protected]
     url: https://github.com/guerzon
-version: 0.18.3
+version: 0.19.0
 kubeVersion: ">=1.12.0-0"
diff --git a/charts/vaultwarden/README.md b/charts/vaultwarden/README.md
@@ -293,6 +293,9 @@ helm -n $NAMESPACE uninstall $RELEASE_NAME
 | `serviceAccount.name`          | Name of the service account to create                                                                    | `vaultwarden-svc`                                                                                                                        |
 | `podSecurityContext`           | Pod security options                                                                                     | `{}`                                                                                                                                     |
 | `securityContext`              | Default security options to run vault as read only container without privilege escalation                | `{}`                                                                                                                                     |
+| `yubico.clientId`              | Yubico client ID                                                                                         | `""`                                                                                                                                     |
+| `yubico.secretKey`             | Yubico secret key                                                                                        | `""`                                                                                                                                     |
+| `yubico.server`                | Specify a Yubico server, otherwise the default servers will be used                                      | `""`                                                                                                                                     |
 
 ### Exposure Parameters
 

diff --git a/charts/vaultwarden/templates/configmap.yaml b/charts/vaultwarden/templates/configmap.yaml
@@ -63,3 +63,10 @@ data:
   PUSH_INSTALLATION_ID: {{ .Values.pushNotifications.installationId | quote }}
   PUSH_INSTALLATION_KEY: {{ .Values.pushNotifications.installationKey | quote }}
   {{- end }}
+  {{- if and .Values.yubico.clientId .Values.yubico.secretKey }}
+  YUBICO_CLIENT_ID: {{ .Values.yubico.clientId | quote }}
+  YUBICO_SECRET_KEY: {{ .Values.yubico.secretKey | quote }}
+  {{- if .Values.yubico.server }}
+  YUBICO_SERVER: {{ .Values.yubico.server | quote }}
+  {{- end }}
+  {{- end }}
diff --git a/charts/vaultwarden/values.yaml b/charts/vaultwarden/values.yaml
@@ -148,6 +148,15 @@ securityContext: {}
   #   drop:
   #     - ALL
 
+## @param yubico.clientId Yubico client ID
+## @param yubico.secretKey Yubico secret key
+## @param yubico.server Specify a Yubico server, otherwise the default servers will be used
+##
+yubico:
+  clientId: ""
+  secretKey: ""
+  server: ""
+
 
 ## @section Exposure Parameters
 ##