Demo installer hangs when using custom securityConfig in Helm chart

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
OpenSearch core 2.19.2

Describe the issue:
When adding a custom securityConfig in the OpenSearch Helm chart, the pod fails to start up and hangs. If “securityConfig” is omitted, the pod starts normally, at which point I can exec into it, update config/opensearch-security/config.yml manually using the same configuration, run securityadmin.sh to update the indexes, and then log in with OIDC without any issues.

Configuration:

  extraEnvs:
    - name: OPENSEARCH_INITIAL_ADMIN_PASSWORD
      value: 'SuperPassword123$'

  persistence:
    enabled: false
    size: 1Gi

  replicas: 1
  singleNode: true

  securityConfig:
    enabled: true
    config:
      data:
        config.yml:
          _meta:
            type: "config"
            config_version: 2
          config:
            dynamic:
              http:
                anonymous_auth_enabled: false
                xff:
                  enabled: false
                  internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern
              authc:
                openid_auth_domain:
                  http_enabled: true
                  transport_enabled: true
                  order: 0
                  http_authenticator:
                    type: openid
                    challenge: false
                    config:
                      openid_connect_idp:
                        verify_hostnames: false
                        enable_ssl: true
                        pemtrustedcas_filepath: /usr/share/opensearch/config/certs/ca.pem
                      subject_key: preferred_username
                      roles_key: opensearch-roles
                      openid_connect_url:  <keycloak .well_known>
                      jwt_header: "Authorization"
                  authentication_backend:
                    type: noop
                basic_internal_auth_domain:
                  description: "Authenticate via HTTP Basic against internal users database"
                  http_enabled: true
                  transport_enabled: true
                  order: 1
                  http_authenticator:
                    type: basic
                    challenge: true
                  authentication_backend:
                    type: intern

Relevant Logs or Screenshots:

Enabling OpenSearch Security Plugin
Enabling execution of install_demo_configuration.sh for OpenSearch Security Plugin 
OpenSearch 2.12.0 onwards, the OpenSearch Security Plugin a change that requires an initial password for 'admin' user. 
Please define an environment variable 'OPENSEARCH_INITIAL_ADMIN_PASSWORD' with a strong password string. 
If a password is not provided, the setup will quit. 
 For more details, please visit: https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/
### OpenSearch Security Demo Installer
### ** Warning: Do not use on production or public reachable systems **
OpenSearch install type: rpm/deb on Linux 5.15.167.4-microsoft-standard-WSL2 amd64
OpenSearch config dir: /usr/share/opensearch/config/
OpenSearch config file: /usr/share/opensearch/config/opensearch.yml
OpenSearch bin dir: /usr/share/opensearch/bin/
OpenSearch plugins dir: /usr/share/opensearch/plugins/
OpenSearch lib dir: /usr/share/opensearch/lib/
Detected OpenSearch Version: 2.19.2
Detected OpenSearch Security Version: 2.19.2.0

Solved my own issue. I misunderstood that when using securityConfig.config.data you need to set values for ALL the files, not just one. Using securityConfig.configSecret with an externally created secret with key config.yml works as expected.

2 Likes
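
The approach described in the solution above, written out as an added example (not part of the original post and not the chart's own files): an externally created Secret with the key config.yml, referenced from the Helm values through securityConfig.configSecret. The Secret name `opensearch-security-config` is a hypothetical placeholder, and the config body repeats the two authc domains from the question.

```yaml
# File 1 (constructed example): Secret created outside the chart.
# The name "opensearch-security-config" is a hypothetical placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: opensearch-security-config
type: Opaque
stringData:
  config.yml: |-
    _meta:
      type: "config"
      config_version: 2
    config:
      dynamic:
        http:
          anonymous_auth_enabled: false
        authc:
          openid_auth_domain:
            http_enabled: true
            transport_enabled: true
            order: 0
            http_authenticator:
              type: openid
              challenge: false
              config:
                openid_connect_idp:
                  verify_hostnames: false
                  enable_ssl: true
                  pemtrustedcas_filepath: /usr/share/opensearch/config/certs/ca.pem
                subject_key: preferred_username
                roles_key: opensearch-roles
                openid_connect_url: <keycloak .well_known>
                jwt_header: "Authorization"
            authentication_backend:
              type: noop
          basic_internal_auth_domain:
            http_enabled: true
            transport_enabled: true
            order: 1
            http_authenticator:
              type: basic
              challenge: true
            authentication_backend:
              type: intern
---
# File 2 (constructed example): Helm values. securityConfig.config.data is
# not set; only config.yml comes from the Secret above.
securityConfig:
  enabled: true
  configSecret: opensearch-security-config
```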

@chris.ancheta Thanks for sharing your solution.