Identity Provider Client Secret File

• Environmental Variable: IDP_CLIENT_SECRET_FILE
• Config File Key: idp_client_secret_file
• Kubernetes: see identityProvider.secret
• Type: string
• Required (unless using identity_provider_client_secret)

Client Secret is the OAuth 2.0 Secret Identifier retrieved from your identity provider. See your identity provider's documentation, and our identity provider docs for details.

identity_provider_client_secret_file points to a file containing the secret. This is useful when deploying in environments that provide secret management like Docker Swarm. For example:

idp_client_secret_file: '/run/secrets/POMERIUM_CLIENT_SECRET'

Note:

Pomerium uses the Hosted Authenticate Service by default.

If you want to run Pomerium with a self-hosted authenticate service, include an identity provider and authenticate service URL in your configuration.

See Self-Hosted Authenticate Service for more information.