
How to avoid the .helidon-oidc-secret file creation while using logout features in helidon


We are using the Helidon logout feature. How do I avoid the creation of .helidon-oidc-secret? Is there a way to set this in configuration? When I deploy it to the cluster, it tries to create/access the .helidon-oidc-secret file. We are only allowed to have a read-only filesystem in our container.

The configuration below in application.yaml seems to work for Helidon 2.5.1 in a local environment:

cookie-encryption-enabled: false   
cookie-encryption-password: 'c'

I am using Helidon 2.5.1, hence I hit the issue https://github.com/oracle/helidon/issues/4512. When I moved to 2.6.0, this issue was fixed and I changed it to:

cookie-encryption-enabled: false      
cookie-encryption-password: 'cxif'

Do I need to use the cookie-encryption-password? If I don't use it, I get an error. When I deployed to the cluster with the above changes, I still faced the issue.


Solution

  • From: OidcEncryption.java

    OIDC requires encryption configuration which was not provided. We will generate
     a password that will only work for the current service instance. To disable encryption,
     use cookie-encryption-enabled: false configuration, to configure master password, use
     cookie-encryption-password: my-master-password (must be configured to same value on all
     instances that share the cookie), to configure encryption using security
     (support for vaults), use
     cookie-encryption-name: name (must have corresponding encryption provider and
     configuration with the provided name in security), this also requires Security to be
     registered with current or global Context (this works automatically in Helidon MP).
     This message is logged just once, before generating the master password
    

    The OIDC configuration is documented here.

    If you set cookie-encryption-enabled you skip encryption and the file .helidon-oidc-secret should not be created.

    If you set cookie-encryption-password, you are configuring an explicit encryption password, so the file .helidon-oidc-secret should not be created.
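A pre-deployment check for read-only containers, as an added example that is not part of the original answer or of Helidon's code: it reads application.yaml text and reports which branch of the quoted OidcEncryption.java message the configuration selects. The decision rule mirrors that message and the answer above, not Helidon's source; the function names, the line-based scan and the sample YAML (including its `security.providers` nesting and placeholder values) are assumptions made for this example.

```python
import re

# The three keys named in the OidcEncryption.java message quoted above.
_KEY = re.compile(r"^\s*(?:-\s*)?(cookie-encryption-(?:enabled|password|name))\s*:(.*)$")

def _scalar(raw):
    """Unquote a YAML scalar, or drop a trailing comment from an unquoted one."""
    raw = raw.strip()
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split(" #", 1)[0].strip()

def oidc_cookie_settings(yaml_text):
    """Collect the cookie-encryption keys. Assumption: a line-based scan that
    ignores nesting; the last occurrence of a key wins."""
    found = {}
    for line in yaml_text.splitlines():
        m = None if line.lstrip().startswith("#") else _KEY.match(line)
        if m:
            found[m.group(1)] = _scalar(m.group(2))
    return found

def encryption_mode(yaml_text):
    """Which option from the quoted message does this configuration select?"""
    s = oidc_cookie_settings(yaml_text)
    if s.get("cookie-encryption-enabled", "").lower() == "false":
        return "disabled"            # encryption skipped
    if s.get("cookie-encryption-password"):
        return "explicit-password"   # must match on all instances sharing the cookie
    if s.get("cookie-encryption-name"):
        return "security-provider"   # named encryption provider in security
    return "generated"               # nothing configured: a password is generated

def safe_for_read_only_fs(yaml_text):
    """False when the generated-password fallback described above would apply."""
    return encryption_mode(yaml_text) != "generated"

# Constructed sample configurations (values are placeholders).
BASE = "security:\n  providers:\n    - oidc:\n        client-id: example-client\n"
SAMPLE_UNSET = BASE
SAMPLE_DISABLED = BASE + "        cookie-encryption-enabled: false   \n"
SAMPLE_PASSWORD = BASE + "        cookie-encryption-password: 'constructed-shared-value'  # same on all pods\n"

if __name__ == "__main__":
    for name in ("SAMPLE_UNSET", "SAMPLE_DISABLED", "SAMPLE_PASSWORD"):
        print(name, encryption_mode(globals()[name]))
```

Run against the application.yaml that actually ends up inside the image, since a local file and the deployed one can differ.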