From 3132f4963303937ec8db33c7aba0b159ee5d8ff5 Mon Sep 17 00:00:00 2001 From: Akash Kumar Date: Sun, 24 May 2026 02:29:49 +0530 Subject: [PATCH] docs: clarify dex config env expansion Signed-off-by: Akash Kumar --- content/docs/getting-started.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/content/docs/getting-started.md b/content/docs/getting-started.md index 022e067..b4bc378 100644 --- a/content/docs/getting-started.md +++ b/content/docs/getting-started.md @@ -43,7 +43,7 @@ The [example config][example-config] file documents many of the configuration op ### Templated configuration -The default entrypoint for distributed container images utilize [gomplate][gomplate] +The default entrypoint for distributed container images utilizes [gomplate][gomplate] to pre-process configuration files (`.tpl`, `.tmpl`, `.yaml`) passed as arguments. This enables templating any field from the environment, for example: @@ -53,6 +53,16 @@ secret: "{{ .Env.MY_SECRET_ENV }}" See [gomplate docs][gomplate-docs] for templating syntax. +Gomplate preprocessing is provided by the container image entrypoint. If a +deployment overrides the container command and runs the `dex` binary directly, +for example `dex serve /etc/dex/config.yaml`, the entrypoint is skipped and +gomplate templates are not rendered. + +Dex also expands environment variables in configuration values before parsing +the config file. This supports `$VAR` and `${VAR}` references in YAML values, +such as connector credentials. Set `DEX_EXPAND_ENV=false` to disable this +built-in expansion. + ## Running a client Dex operates like most other OAuth2 providers. Users are redirected from a client app to dex to login. Dex ships with an example client app (built with the `make examples` command), for testing and demos.