Add the option to configure the bind password using an environment variable for the LDAP connector. #1797

Closed
wants to merge 3 commits into from


onkarbhat
Contributor

@onkarbhat onkarbhat commented Sep 13, 2020

In a k8s deployment that uses Dex, this will allow us to define an environment variable using a k8s secret that contains the bind password instead of showing it in plaintext in a configmap.

This partially meets requirements in #1099.

Related issue - #1158

cc: @sagikazarmark @bonifaido @danilina-wsib

…riable for the LDAP connector.

Signed-off-by: Onkar Bhat <[email protected]>
connector/ldap/ldap.go (outdated)
@heidemn

heidemn commented Mar 9, 2021

@onkarbhat have you seen the new config templating feature, coming in the next release?
This should solve your problem already.
examples/config-tmpl.yaml

Note that the above config file is just an example. You can define your own, using all the templating logic you need.

@sagikazarmark
Member

Yeah, I don't think we'll be accepting this one. @onkarbhat please try the new templating feature.

@onkarbhat
Contributor Author

Thank you @heidemn @sagikazarmark 👍🏼. I believe these are the steps that a user would have to execute in order to configure a password in the LDAP connector config in Dex in a K8s cluster.

  • Create a secret that contains the password.
  • Mount the secret's entry as an environment variable in the Dex Pod. Let's call this env LDAP_BIND_PW_ENV.
  • Prepare a config.docker.yaml with the bindPW set like this: {{ getenv "LDAP_BIND_PW_ENV" "" }}
  • Store config.docker.yaml in a config map, and mount it at /etc/dex/config.docker.yaml.
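
The four steps in the comment above, written out as Kubernetes manifests. This is an added example, not part of the original comment or of the Dex repository. The resource names, the `dex` namespace, the LDAP host and DNs, and the image reference are placeholders, and the Dex settings outside the LDAP connector are omitted.

```yaml
# Constructed example: every name, host and DN below is a placeholder.
apiVersion: v1
kind: Secret
metadata: {name: dex-ldap-bind, namespace: dex}   # hypothetical names
stringData:
  bindPW: "REPLACE_ME"   # placeholder; create out of band, never commit the real value
---
apiVersion: v1
kind: ConfigMap
metadata: {name: dex-config, namespace: dex}
data:
  config.docker.yaml: |
    # issuer, storage, web and other Dex settings omitted for brevity
    connectors:
      - type: ldap
        id: ldap
        name: LDAP
        config:
          host: ldap.example.com:636
          bindDN: cn=dex,ou=services,dc=example,dc=com
          # Only the template lives in the ConfigMap. The quotes keep the rendered
          # value valid YAML when the password contains characters such as # or :
          bindPW: '{{ getenv "LDAP_BIND_PW_ENV" "" }}'
          userSearch: {baseDN: "ou=people,dc=example,dc=com", username: uid, idAttr: uid, emailAttr: mail, nameAttr: cn}
---
apiVersion: apps/v1
kind: Deployment
metadata: {name: dex, namespace: dex}
spec:
  selector: {matchLabels: {app: dex}}
  template:
    metadata: {labels: {app: dex}}
    spec:
      containers:
        - name: dex
          image: DEX_IMAGE_PLACEHOLDER   # a Dex release that includes config templating
          env:
            - name: LDAP_BIND_PW_ENV
              valueFrom:
                secretKeyRef: {name: dex-ldap-bind, key: bindPW}
          volumeMounts:
            - name: config
              mountPath: /etc/dex/config.docker.yaml
              subPath: config.docker.yaml
              readOnly: true
      volumes:
        - name: config
          configMap: {name: dex-config}
```

With the empty default from the comment, a missing or misnamed Secret key renders an empty `bindPW` instead of failing at template time, so check the LDAP bind result in the Dex logs after rollout.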

@sagikazarmark
Member

That sounds about right. I'd probably consider using bank-vaults or kube-secrets-init instead of Kubernetes secrets though.
