How to avoid the .helidon-oidc-secret file creation while using logout features in helidon

Question

we are using helidon logout feature. How do I avoid the creation of .helidon-oidc-secret. Is there a way to set this in configuration ? When I deploy it to cluster it is trying to create/access .helidon-oidc-secret file. We are only allowed to have read-only filesystem on our container.

The below configuration in application.yaml seems to be working for helidon 2.5.1 in local environment:

cookie-encryption-enabled: false   
cookie-encryption-password: 'c'

I am using helidon 2.5.1 hence hit the issue https://github.com/oracle/helidon/issues/4512. When I moved to 2.6.0 this issue is fixed I changed it to:

cookie-encryption-enabled: false      
cookie-encryption-password: 'cxif'

Do I need to use the cookie-encryption-password ? If I don't use it getting error. When I deployed to cluster with the above changes, still I am facing issue

Answer 1

From: OidcEncryption.java

OIDC requires encryption configuration which was not provided. We will generate
 a password that will only work for the current service instance. To disable encryption,
 use cookie-encryption-enabled: false configuration, to configure master password, use
 cookie-encryption-password: my-master-password (must be configured to same value on all
 instances that share the cookie), to configure encryption using security
 (support for vaults), use
 cookie-encryption-name: name (must have corresponding encryption provider and
 configuration with the provided name in security), this also requires Security to be
 registered with current or global Context (this works automatically in Helidon MP).
 This message is logged just once, before generating the master password

The OIDC configuration is documented here.

If you set cookie-encryption-enabled you skip encryption and the file .helidon-oidc-secret should not be created.

If you set cookie-encryption-password, you are configuring an explicit encryption password so the file should .helidon-oidc-secret should not be created.