Keeping OIDC client_secret out of git

[Cantor, Scott]

On 6/30/20, 11:09 AM, "users on behalf of Darren Boss" <users-bounces at shibboleth.net on behalf of darren.boss at computecanada.ca> wrote:

> Is anyone doing something similar and come up with a solution?

The next plugin release is planning to support SAML metadata with a key-by-reference syntax that can pull the secrets from an external source. It's been prototyped with a REST sort of approach using the HTTP connector in the IdP.

Of course, the  *right* answer is public keys...

-- Scott