Sign-in providers read credentials from AWS SSM. The pod's ExternalSecret syncs them into env vars at boot.
1. Create an OAuth 2.0 client at https://console.cloud.google.com/apis/credentials
2. Register this callback URL as an authorized redirect URI:
https://dashboard.prod.veloxp.com/api/auth/oauth/google/callback
3. Stash the Client ID and Client Secret in SSM (us-east-2, SecureString):
aws ssm put-parameter --region us-east-2 \ --name /veloxp/deployments/prod/env/OAUTH_GOOGLE_CLIENT_ID \ --type SecureString --overwrite --value '<paste-client-id>' aws ssm put-parameter --region us-east-2 \ --name /veloxp/deployments/prod/env/OAUTH_GOOGLE_CLIENT_SECRET \ --type SecureString --overwrite --value '<paste-client-secret>'
1. Create an OAuth 2.0 client at https://developers.facebook.com/apps/
2. Register this callback URL as an authorized redirect URI:
https://dashboard.prod.veloxp.com/api/auth/oauth/facebook/callback
3. Stash the Client ID and Client Secret in SSM (us-east-2, SecureString):
aws ssm put-parameter --region us-east-2 \ --name /veloxp/deployments/prod/env/OAUTH_FACEBOOK_CLIENT_ID \ --type SecureString --overwrite --value '<paste-client-id>' aws ssm put-parameter --region us-east-2 \ --name /veloxp/deployments/prod/env/OAUTH_FACEBOOK_CLIENT_SECRET \ --type SecureString --overwrite --value '<paste-client-secret>'
1. Create an OAuth 2.0 client at https://developer.amazon.com/dashboard
2. Register this callback URL as an authorized redirect URI:
https://dashboard.prod.veloxp.com/api/auth/oauth/amazon/callback
3. Stash the Client ID and Client Secret in SSM (us-east-2, SecureString):
aws ssm put-parameter --region us-east-2 \ --name /veloxp/deployments/prod/env/OAUTH_AMAZON_CLIENT_ID \ --type SecureString --overwrite --value '<paste-client-id>' aws ssm put-parameter --region us-east-2 \ --name /veloxp/deployments/prod/env/OAUTH_AMAZON_CLIENT_SECRET \ --type SecureString --overwrite --value '<paste-client-secret>'
After updating SSM:
# 1. ExternalSecret refreshes every 30s; force the pod to pick up the # fresh Secret with a rollout restart: kubectl -n veloxp rollout restart deployment dashboard-prod # 2. Reload this page once the pod is ready — the status badges flip # to CONFIGURED.
Ready to sign in? Back to sign in