#!/bin/bash
# Run once to create the Authentik secret. Safe to re-run (dry-run + apply).
kubectl create secret generic authentik-secrets \
  --namespace authentik \
  --from-literal=secret-key="$(openssl rand -base64 50)" \
  --from-literal=postgresql-password="$(openssl rand -base64 24)" \
  --dry-run=client -o yaml | kubectl apply -f -