# MINIO
MINIO_ROOT_USER={{ users.administrator.username }}
MINIO_ROOT_PASSWORD={{ users.administrator.password }}

{% if MINIO_OIDC_ENABLED | bool %}
# OIDC basics
MINIO_IDENTITY_OPENID_CONFIG_URL={{ OIDC.CLIENT.DISCOVERY_DOCUMENT }}
MINIO_IDENTITY_OPENID_CLIENT_ID={{ OIDC.CLIENT.ID }}
MINIO_IDENTITY_OPENID_CLIENT_SECRET={{ OIDC.CLIENT.SECRET }}
MINIO_IDENTITY_OPENID_SCOPES=openid,profile,email,groups
MINIO_IDENTITY_OPENID_DISPLAY_NAME={{ OIDC.BUTTON_TEXT }}

# We read policies from the custom 'policy' claim
MINIO_IDENTITY_OPENID_CLAIM_NAME={{ RBAC.GROUP.CLAIM }}

# Good practice behind proxies
MINIO_SERVER_URL={{ MINIO_API_URL }}
MINIO_BROWSER_REDIRECT_URL={{ MINIO_CONSOLE_URL }}
{% endif %}