
Procuring Keycloak Credentials

After configuring the Opstella realm and its clients, you need to procure the Client Secrets and the Realm Public Key. These will be used in subsequent steps to configure the DevSecOps tools (ArgoCD, GitLab, SonarQube, etc.).

  1. Export Required Shell Variables

    Ensure KEYCLOAK_DOMAIN and KEYCLOAK_REALM are defined as per the Shell Variables guide, and that the following variables are also exported in your current shell:

    export KEYCLOAK_ADMIN_USER="admin"
    export KEYCLOAK_ADMIN_PASSWORD="CHANGEME"
  2. Procure Credentials with Ansible

    Use the following commands to run the procurement tool. They run the pre-provided playbook in a Docker-based Ansible image to securely fetch the credentials and save them to a local file.

    # 1. Create the local file so ownership is yours
    touch "$HOME/opstella-installation/creds.txt"
    # 2. Run using the lightweight Ansible-based image
    docker run --rm \
    -v "$HOME/opstella-installation/assets/files/kc-get-creds.yml:/data/playbook.yml" \
    -v "$HOME/opstella-installation/creds.txt:/data/creds.txt" \
    cytopia/ansible:latest-tools \
    ansible-playbook playbook.yml \
    -e "keycloak_url=https://${KEYCLOAK_DOMAIN}" \
    -e "admin_user=${KEYCLOAK_ADMIN_USER}" \
    -e "admin_pass=${KEYCLOAK_ADMIN_PASSWORD}" \
    -e "realm_name=${KEYCLOAK_REALM}" \
    -e "output_file=creds.txt"

    Once finished, the client secrets and public key will be available in the creds.txt file.
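creds.txt holds client secrets, and a plain `touch` creates it with the shell's default umask, which commonly leaves it readable by other local users. The following is an added example, not part of the Opstella guide or its playbook: shell functions (names are illustrative) that create the file owner-only before the run and audit or tighten it afterwards, using the path from this page as the default.

```shell
#!/bin/sh
# Added example: permission checks for the creds.txt written by the playbook.
# Function names are illustrative; the default path is the one used on this page.
CREDS_FILE="${CREDS_FILE:-$HOME/opstella-installation/creds.txt}"

# Octal permission bits of a file (GNU stat first, BSD/macOS stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the file owner-only (0600) if it does not exist; never truncates.
# Can be used in place of the plain `touch` step.
create_creds_file() {
  ( umask 077 && : >> "$1" )
}

# Succeeds only if $1 is a regular file (not a symlink), owned by the current
# user, with no group/other permission bits set.
audit_creds_file() {
  f="$1"
  if [ -L "$f" ] || [ ! -f "$f" ]; then
    echo "FAIL: $f is missing, a symlink, or not a regular file" >&2
    return 1
  fi
  if [ ! -O "$f" ]; then
    echo "FAIL: $f is not owned by the current user" >&2
    return 1
  fi
  mode=$(file_mode "$f")
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL: $f has mode $mode; group/other can access it" >&2
    return 1
  fi
  echo "OK: $f mode $mode"
}

# Tighten an existing file to 0600, then re-audit.
harden_creds_file() {
  chmod 600 "$1" && audit_creds_file "$1"
}

# Usage: create_creds_file "$CREDS_FILE"   before the docker run,
#        harden_creds_file "$CREDS_FILE"   after it.
```

A file that already exists keeps its old mode when `create_creds_file` is called, which is why `harden_creds_file` is run after the playbook finishes.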
