Skip to content

Configuration

Configure OpenDepot for your environment. All configuration is done through Helm chart values — no config files to manage.

  •  OIDC Authentication (Dex)


    Deploy Dex as a bundled OIDC identity provider to enable tofu login and single sign-on via Entra ID, Okta, GitHub, LDAP, and other upstream IdPs.

  •  Vulnerability Scanning


    Enable Trivy-based vulnerability scanning for provider binaries and source dependencies, with optional policy enforcement to block critical or high findings.

  •  GPG Signing


    Set up GPG signing for provider SHA256SUMS files so OpenTofu can cryptographically verify provider archives.

  •  GitHub Authentication


    Configure a GitHub App to authenticate API requests and increase rate limits when using the Depot controller with private repositories.

  •  Namespace-Scoped Mode


    Restrict OpenDepot to a single namespace using Role and RoleBinding instead of cluster-wide ClusterRole resources.

  •  TLS


    Terminate TLS on the OpenDepot server using a Kubernetes Secret, or delegate to an Ingress controller or service mesh.

  •  Registry Explorer UI


    Deploy the browsable, searchable registry frontend. Configure OIDC login, session secrets, and Ingress split-path routing for the Next.js + NGINX UI pod.