#!/usr/bin/env bash
# Usage: bash manifests/authentik/authentik-secret.sh
# Description: Creates the Authentik secret-key and PostgreSQL password (safe to re-run)
set -euo pipefail
kubectl create secret generic authentik-secrets \
  --namespace authentik \
  --from-literal=secret-key="$(openssl rand -base64 50)" \
  --from-literal=postgresql-password="$(openssl rand -base64 24)" \
  --dry-run=client -o yaml | kubectl apply -f -