Skip to content
Documentation

This is the Experimental version (Latest). It is under active development and may change. For the most reliable documentation, use the version selector in the top-right to switch to Stable, or click here to go to the Stable version's homepage.

Procuring Keycloak Credentials

Last updated:

After configuring the Opstella realm and its clients, you need to procure the Client Secrets and the Realm Public Key. These will be used in subsequent steps to configure the DevSecOps tools (ArgoCD, GitLab, SonarQube, etc.).

Procurement Process

Section titled “Procurement Process”

  1. Export Required Shell Variables

    Ensure KEYCLOAK_DOMAIN and KEYCLOAK_REALM are defined as per the Shell Variables guide. Ensure you have KEYCLOAK_ADMIN_USERNAME and KEYCLOAK_ADMIN_PASSWORD exported in your current shell from your variables.

  2. Procure Credentials with Ansible

    Use the following commands to run the procurement tool. This uses a Docker-based Ansible image to securely fetch and save the credentials to a local file using the pre-provided playbook.

    Terminal window
    # 1. Create the local file so ownership is yours
    touch $BASE_WORKING_DIR/creds.txt
    

    # 2. Run using the lightweight Ansible-based image
    docker run --rm \
        -v $BASE_WORKING_DIR/assets/files/kc-get-creds.yml:/data/playbook.yml \
        -v $BASE_WORKING_DIR/creds.txt:/data/creds.txt \
        cytopia/ansible:latest-tools \
        ansible-playbook playbook.yml \
        -e "keycloak_url=https://${KEYCLOAK_DOMAIN}" \
        -e "admin_user=${KEYCLOAK_ADMIN_USERNAME}" \
        -e "admin_pass=${KEYCLOAK_ADMIN_PASSWORD}" \
        -e "realm_name=${KEYCLOAK_REALM}" \
        -e "output_file=creds.txt"

    Once finished, the client secrets and public key will be available in the creds.txt file.

Finished?

Use the below navigation to proceed