updated values file and pre install config map for new token env vars

keithhubner · keithhubner · commit 7ca99408712c · 2025-10-24T11:27:54.000+01:00
diff --git a/charts/self-host/templates/pre-install-hook-configmap.yaml b/charts/self-host/templates/pre-install-hook-configmap.yaml
@@ -39,6 +39,11 @@ data:
   globalSettings__sso__enforceSsoPolicyForAllUsers: {{ .Values.general.sso.enforceSsoPolicyForAllUsers | quote }}
 {{- if not (and .Values.volume.logs .Values.volume.logs.enabled) }}
   globalSettings__logDirectory: "/dev/null"
+{{- end }}
+{{- if not (.Values.general.refreshTokens.enabled) }}
+  globalSettings__IdentityServer__ApplyAbsoluteRefreshTokenOnRefreshToken="true"
+  globalSettings__IdentityServer__AbsoluteRefreshTokenLifetimeSeconds={{ .Values.general.refreshTokens.absoluteRefreshTokenLifetimeSeconds | default "0" }}
+  globalSettings__IdentityServer__SlidingRefreshTokenLifetimeSeconds={{ .Values.general.refreshTokens.slidingRefreshTokenLifetimeSeconds | default "1" }}
 {{- end }}
   globalSettings__logRollBySizeLimit: ""
   globalSettings__syslog__destination: ""
diff --git a/charts/self-host/values.yaml b/charts/self-host/values.yaml
@@ -9,8 +9,9 @@ general:
     # Set to false if using a custom ingress
     enabled: true
     # Current supported values for ingress type include: nginx
-    className: "nginx"
-     ## - Annotations to add to the Ingress resource.
+    className:
+      "nginx"
+      ## - Annotations to add to the Ingress resource.
     annotations:
       # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
       # nginx.ingress.kubernetes.io/use-regex: "true"
@@ -104,6 +105,13 @@ general:
   # Cloud region for sync.  Please see: https://bitwarden.com/help/families-for-enterprise-self-hosted/#step-1-enable-cloud-communication
   cloudRegion: US
 
+  # Refresh token variables https://bitwarden.com/help/environment-variables/#refresh-token-variables
+  refreshTokens:
+    # Set to true to enable refresh tokens.  Recommended for production environments.
+    enabled: false
+    absoluteRefreshTokenLifetimeSeconds: ""
+    slidingRefreshTokenLifetimeSeconds: ""
+
 # Specify the name of the shared storage class
 # This storage class requires ReadWriteMany.  You will need to provide your own storage class.  Storage classes with automatic volume previsioners are recommended.
 sharedStorageClassName: "shared-storage"
