Feature
Resolution: Unresolved
Red Hat build of Keycloak 22 provides two out-of-the-box implementations of the Vault SPI: a plain-text file-based vault and a Java KeyStore-based vault.
The file-based vault implementation is especially useful for Kubernetes/OpenShift secrets. One can mount Kubernetes secrets into the Red Hat build of Keycloak Container, and the data fields will be available in the mounted folder with a flat-file structure.
The Java KeyStore-based vault implementation is useful for storing secrets in bare metal installations. One can use the KeyStore vault, which is encrypted using a password.
The Operator already allows adding more config options from the Keycloak Quarkus distribution to the Keycloak CR, as per GHI#13456.
We need to provide full Vault support in the Operator, allowing config options for the Vault. This will probably require extending the current Vault functionality to accommodate more fields throughout the Realm representation.
Cf. GHI#14403
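
For the file-based vault backed by a mounted Kubernetes secret described above, here is an added example (not part of the original issue or of the Keycloak code base) that audits a mounted directory against the `${vault.<key>}` references used in a realm's configuration. It assumes Keycloak's default `REALM_UNDERSCORE_KEY` file naming; the function names, config field names and sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# A vault reference must be the whole value, e.g. "${vault.smtp_key}"
VAULT_REF = re.compile(r"^\$\{vault\.(.+)\}$")

def vault_file_name(realm: str, key: str) -> str:
    """Default REALM_UNDERSCORE_KEY naming: '_' inside realm or key is doubled."""
    return realm.replace("_", "__") + "_" + key.replace("_", "__")

def audit_vault_dir(vault_dir: str, realm: str, config: dict) -> dict:
    """Classify each field as 'literal', 'ok', 'missing' or 'world-readable'."""
    report = {}
    for field, value in config.items():
        match = VAULT_REF.match(value)
        if not match:
            report[field] = "literal"  # secret is stored inline, not in the vault
            continue
        path = os.path.join(vault_dir, vault_file_name(realm, match.group(1)))
        if not os.path.isfile(path):  # follows the symlinks Kubernetes creates
            report[field] = "missing"
        elif os.stat(path).st_mode & stat.S_IROTH:
            report[field] = "world-readable"
        else:
            report[field] = "ok"
    return report

def demo() -> dict:
    # Constructed sample: a temp dir stands in for the mounted secret volume.
    with tempfile.TemporaryDirectory() as vault_dir:
        for name, mode in (("master__realm_smtp__key", 0o440),
                           ("master__realm_ldap", 0o444)):
            path = os.path.join(vault_dir, name)
            with open(path, "w") as handle:
                handle.write("constructed-secret")
            os.chmod(path, mode)
        config = {  # hypothetical field names, constructed values
            "smtp.password": "${vault.smtp_key}",
            "ldap.bindCredential": "${vault.ldap}",
            "idp.clientSecret": "${vault.idp_secret}",
            "legacy.password": "inline-constructed-value",
        }
        return audit_vault_dir(vault_dir, "master_realm", config)

if __name__ == "__main__":
    for field, status in demo().items():
        print(f"{field}: {status}")
```

A `literal` result marks a credential that still sits in the realm configuration itself, which is the case the vault is meant to eliminate.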