# Main configuration flags : https://www.pomerium.io/docs/reference/reference/
insecure_server: true
grpc_insecure: true

authenticate_service_url: https://authenticate.corp.beyondperimeter.com
authorize_service_url: https://pomerium-authorize-service.default.svc.cluster.local
cache_service_url: https://pomerium-cache-service.default.svc.cluster.local

override_certificate_name: "*.corp.beyondperimeter.com"

idp_provider: google
idp_client_id: REPLACE_ME.apps.googleusercontent.com
idp_client_secret: "REPLACE_ME"

policy:
  - from: https://httpbin.corp.beyondperimeter.com
    to: http://httpbin.default.svc.cluster.local:8000
    allowed_domains:
      - gmail.com