From a2114327cf45b40f580b8b3e3b02c3ebe61d0857 Mon Sep 17 00:00:00 2001
From: AB <ab@hexor.cy>
Date: Wed, 3 Dec 2025 17:14:28 +0200
Subject: [PATCH] Got rid of authentik secret

---
 .gitea/workflows/authentik-apps.yaml | 8 ++++++++
 terraform/authentik/providers.tf     | 4 ++--
 terraform/authentik/variables.tf     | 6 ++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/.gitea/workflows/authentik-apps.yaml b/.gitea/workflows/authentik-apps.yaml
index 652df0c..81c8f29 100644
--- a/.gitea/workflows/authentik-apps.yaml
+++ b/.gitea/workflows/authentik-apps.yaml
@@ -30,21 +30,29 @@ jobs:
         cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
 
     - name: Terraform Init
+      env:
+        TF_VAR_authentik_token: ${{ secrets.AUTHENTIK_TOKEN }}
       run: terraform init
       working-directory: ./terraform/authentik
 
     - name: Terraform Format
+      env:
+        TF_VAR_authentik_token: ${{ secrets.AUTHENTIK_TOKEN }}
       run: terraform fmt -check
       continue-on-error: true
       working-directory: ./terraform/authentik
 
     - name: Terraform Apply
+      env:
+        TF_VAR_authentik_token: ${{ secrets.AUTHENTIK_TOKEN }}
       run: terraform apply -var-file proxy-apps.tfvars -var-file oauth2-apps.tfvars -var-file terraform.tfvars -var-file groups.tfvars -input=false -auto-approve -parallelism=100
       working-directory: ./terraform/authentik
 
     - name: Generate Wiki Content  
       if: success()
       continue-on-error: true
+      env:
+        TF_VAR_authentik_token: ${{ secrets.AUTHENTIK_TOKEN }}
       run: |
         echo "📋 Starting Wiki generation..."
         cd ./terraform/authentik
diff --git a/terraform/authentik/providers.tf b/terraform/authentik/providers.tf
index c9b58bf..187bf5e 100644
--- a/terraform/authentik/providers.tf
+++ b/terraform/authentik/providers.tf
@@ -8,6 +8,6 @@ terraform {
 }
 
 provider "authentik" {
-  url   = "https://idm.hexor.cy"
-  token = "qXcuoCg77JaRgqnU6rqIIBa8MBJ4UNyLPTL89dZI8zeC2jfaWqQ7k56BJs8F"
+  url   = var.authentik_url
+  token = var.authentik_token
 }
\ No newline at end of file
diff --git a/terraform/authentik/variables.tf b/terraform/authentik/variables.tf
index ce312f1..317f480 100644
--- a/terraform/authentik/variables.tf
+++ b/terraform/authentik/variables.tf
@@ -166,3 +166,9 @@ variable "authentik_url" {
   type        = string
   default     = "https://idm.hexor.cy"
 }
+
+variable "authentik_token" {
+  description = "Authentik API token (set via TF_VAR_authentik_token env var)"
+  type        = string
+  sensitive   = true
+}