From 162fd07f7957082b172a828e69fa8ef9f125fa18 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Mon, 26 May 2025 16:57:27 -0600
Subject: fix: do not provide secrets to sparkle

---
 bin/entrypoint.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bin/entrypoint.sh b/bin/entrypoint.sh
index a770286..ab38bfa 100755
--- a/bin/entrypoint.sh
+++ b/bin/entrypoint.sh
@@ -8,4 +8,10 @@ cd "$(dirname "$0")/.."
 
 ./bin/envoy.sh &   # launch envoy in background
 ./bin/authzd &     # launch authzd in background
-./bin/sparkled     # launch sparkled in foreground
+
+/usr/bin/env -i - \
+  APP_ENV="$APP_ENV" \
+  BIND_ADDR="$BIND_ADDR" \
+  OAUTH_CLIENT_ID="$OAUTH_CLIENT_ID" \
+  OIDC_ISSUER="$OIDC_ISSUER"  \
+  ./bin/sparkled # launch sparkled in foreground
-- 
cgit v1.2.3