From ec14b9b39f87aa0e81c735384f0e469f5ff6de1a Mon Sep 17 00:00:00 2001 From: _index Date: Mon, 18 Aug 2025 21:41:26 +0200 Subject: [PATCH 1/6] feat: add secret autogeneration --- livekit-server/templates/secret.yaml | 11 +++++++++-- livekit-server/values.yaml | 3 +++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/livekit-server/templates/secret.yaml b/livekit-server/templates/secret.yaml index 986f149..9d2331a 100644 --- a/livekit-server/templates/secret.yaml +++ b/livekit-server/templates/secret.yaml @@ -6,5 +6,12 @@ metadata: labels: {{- include "livekit-server.labels" . | nindent 4 }} data: - {{ .Values.livekit.key_file }}: {{ toYaml .Values.storeKeysInSecret.keys | b64enc }} -{{- end }} + {{- if and .Values.autogenerateKeys (empty .Values.storeKeysInSecret.keys) (empty .Values.livekit.keys) }} + {{- $apiKey := randAlphaNum 20 }} + {{- $apiSecret := randAlphaNum 50 }} + {{ .Values.livekit.key_file }}: | + {{ $apiKey }}: {{ $apiSecret }} + {{- else }} + {{ .Values.livekit.key_file }}: {{ toYaml .Values.storeKeysInSecret.keys | b64enc }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/livekit-server/values.yaml b/livekit-server/values.yaml index bcf6d51..3c987d1 100644 --- a/livekit-server/values.yaml +++ b/livekit-server/values.yaml @@ -47,6 +47,9 @@ livekit: # room: # region: +# Set this option to true if you want to generate your API keys and store them in a secret instead of the config file +autoGenerateKeys: false + # Set this option to true if you want to store your API keys in a secret instead of the config file storeKeysInSecret: enabled: false From 9ca65aa3f6005906aa8389c25cfdda756a195ae1 Mon Sep 17 00:00:00 2001 From: _index Date: Mon, 18 Aug 2025 21:48:44 +0200 Subject: [PATCH 2/6] fix: variable expansion --- livekit-server/templates/secret.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/livekit-server/templates/secret.yaml b/livekit-server/templates/secret.yaml index 9d2331a..022b458 100644 --- a/livekit-server/templates/secret.yaml +++ b/livekit-server/templates/secret.yaml @@ -9,9 +9,9 @@ data: {{- if and .Values.autogenerateKeys (empty .Values.storeKeysInSecret.keys) (empty .Values.livekit.keys) }} {{- $apiKey := randAlphaNum 20 }} {{- $apiSecret := randAlphaNum 50 }} - {{ .Values.livekit.key_file }}: | - {{ $apiKey }}: {{ $apiSecret }} + {{- $keyData := dict $apiKey $apiSecret | toYaml | b64enc }} + {{ .Values.livekit.key_file }}: {{ $keyData }} {{- else }} {{ .Values.livekit.key_file }}: {{ toYaml .Values.storeKeysInSecret.keys | b64enc }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} From df1e311dcc7fcecc4315577918acc2ba5f35a3f0 Mon Sep 17 00:00:00 2001 From: _index Date: Mon, 18 Aug 2025 21:54:50 +0200 Subject: [PATCH 3/6] style: slight rewrite --- livekit-server/templates/secret.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/livekit-server/templates/secret.yaml b/livekit-server/templates/secret.yaml index 022b458..84b9063 100644 --- a/livekit-server/templates/secret.yaml +++ b/livekit-server/templates/secret.yaml @@ -9,8 +9,8 @@ data: {{- if and .Values.autogenerateKeys (empty .Values.storeKeysInSecret.keys) (empty .Values.livekit.keys) }} {{- $apiKey := randAlphaNum 20 }} {{- $apiSecret := randAlphaNum 50 }} - {{- $keyData := dict $apiKey $apiSecret | toYaml | b64enc }} - {{ .Values.livekit.key_file }}: {{ $keyData }} + {{- $keyData := dict $apiKey $apiSecret }} + {{ .Values.livekit.key_file }}: {{ toYaml $keyData | b64enc }} {{- else }} {{ .Values.livekit.key_file }}: {{ toYaml .Values.storeKeysInSecret.keys | b64enc }} {{- end }} From 34f56174f9ebe46cf3341309cd590c6635cbffa0 Mon Sep 17 00:00:00 2001 From: _index Date: Mon, 18 Aug 2025 22:09:29 +0200 Subject: [PATCH 4/6] fix: referenceability of api secrets --- livekit-server/templates/secret.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/livekit-server/templates/secret.yaml b/livekit-server/templates/secret.yaml index 84b9063..bb20292 100644 --- a/livekit-server/templates/secret.yaml +++ b/livekit-server/templates/secret.yaml @@ -11,6 +11,8 @@ data: {{- $apiSecret := randAlphaNum 50 }} {{- $keyData := dict $apiKey $apiSecret }} {{ .Values.livekit.key_file }}: {{ toYaml $keyData | b64enc }} + api_key: {{ $apiKey | b64enc }} + api_secret: {{ $apiSecret | b64enc }} {{- else }} {{ .Values.livekit.key_file }}: {{ toYaml .Values.storeKeysInSecret.keys | b64enc }} {{- end }} From decb76ba2d9d5d46cec2e40e8e146d2b4fa622bb Mon Sep 17 00:00:00 2001 From: _index Date: Mon, 18 Aug 2025 22:20:19 +0200 Subject: [PATCH 5/6] fix: move autoGenerateKeys inside storeKeysInSecret, add documentation --- livekit-server/templates/secret.yaml | 2 +- livekit-server/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/livekit-server/templates/secret.yaml b/livekit-server/templates/secret.yaml index bb20292..d4ec648 100644 --- a/livekit-server/templates/secret.yaml +++ b/livekit-server/templates/secret.yaml @@ -6,7 +6,7 @@ metadata: labels: {{- include "livekit-server.labels" . | nindent 4 }} data: - {{- if and .Values.autogenerateKeys (empty .Values.storeKeysInSecret.keys) (empty .Values.livekit.keys) }} + {{- if and .Values.storeKeysInSecret.autoGenerateKeys (empty .Values.storeKeysInSecret.keys) (empty .Values.livekit.keys) }} {{- $apiKey := randAlphaNum 20 }} {{- $apiSecret := randAlphaNum 50 }} {{- $keyData := dict $apiKey $apiSecret }} diff --git a/livekit-server/values.yaml b/livekit-server/values.yaml index 3c987d1..27b4db2 100644 --- a/livekit-server/values.yaml +++ b/livekit-server/values.yaml @@ -47,12 +47,12 @@ livekit: # room: # region: -# Set this option to true if you want to generate your API keys and store them in a secret instead of the config file -autoGenerateKeys: false - # Set this option to true if you want to store your API keys in a secret instead of the config file storeKeysInSecret: enabled: false + # Set this option to true if you want to generate your API keys and store them in a secret instead of the config file. + # storeKeysInSecret.enabled needs to be true for this option to work. + autoGenerateKeys: false # Use a pre existing secret, useful to combine with external secret managers # as GCP External Secrets or Hashicorp Vault existingSecret: "" From 5077ac7b598936a4bf24e9d5f96f7da4471cbe36 Mon Sep 17 00:00:00 2001 From: _index <105852101+indexds@users.noreply.github.com> Date: Mon, 25 Aug 2025 14:29:38 +0000 Subject: [PATCH 6/6] feat: make api key not random --- livekit-server/templates/secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/livekit-server/templates/secret.yaml b/livekit-server/templates/secret.yaml index d4ec648..2950d90 100644 --- a/livekit-server/templates/secret.yaml +++ b/livekit-server/templates/secret.yaml @@ -7,7 +7,7 @@ metadata: {{- include "livekit-server.labels" . | nindent 4 }} data: {{- if and .Values.storeKeysInSecret.autoGenerateKeys (empty .Values.storeKeysInSecret.keys) (empty .Values.livekit.keys) }} - {{- $apiKey := randAlphaNum 20 }} + {{- $apiKey := "lk_api_key" }} {{- $apiSecret := randAlphaNum 50 }} {{- $keyData := dict $apiKey $apiSecret }} {{ .Values.livekit.key_file }}: {{ toYaml $keyData | b64enc }}