docker run --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986_CLIENT_SECRET_MYSERVICE=<random password>
CLIENT_SECRET_MYSERVICE=<digest>
Make sure to remember the random password as this is the one you have to give to the client. As such, the plain text password is also stored in the secret. Do note that this is kinda insecure, lol
kubectl create secret generic tempxxx \
--dry-run=client \
--from-env-file authelia-oidc-secrets.local.yml \
-o yaml | kubeseal --format yaml --merge-into authelia-oidc-secrets.yml
authelia-oidc-secrets.yml correctly & remove bloat from yamlauthelia-oidc-clients.yml - see existing clients for reference