Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

client secret fixes
Some checks failed
Deploy Gitea Pages / build-and-deploy (push) Failing after 6m6s
Details

Browse Source
This commit is contained in:
Danijel Simeunovic
2026-04-16 15:04:27 +02:00
parent 7e10954a8f
commit 020dfeffd4
4 changed files with 38 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docs/DEVELOPER-GUIDE.md
View File

@@ -1283,7 +1283,9 @@ In `infra/values/keycloak-values.yaml`, add a new entry to the `clients` array i
"attributes": {
"k8s.secret.sync": "true",
"k8s.secret.namespace": "myapp",
"k8s.secret.name": "myapp-oidc-credentials"
"k8s.secret.name": "myapp-oidc-credentials",
"k8s.secret.client-id-key": "key",
"k8s.secret.client-secret-key": "secret"
}
}
```
@@ -1292,6 +1294,7 @@ In `infra/values/keycloak-values.yaml`, add a new entry to the `clients` array i
- Do **NOT** include a `"secret"` field — Keycloak generates one automatically
- The `attributes` block tells the syncer where to create the K8s Secret
- The target namespace must exist before the syncer runs (ArgoCD creates it via `CreateNamespace=true`)
- Set `client-id-key` / `client-secret-key` to match what the consuming app expects (defaults: `client-id` / `client-secret`)
### Step 2: Reference the Secret in Your Application
@@ -1345,11 +1348,15 @@ kubectl get secret myapp-oidc-credentials -n myapp -o jsonpath='{.data.client-se
### Sync Attribute Reference
| Attribute | Required | Description |
|-----------|----------|-------------|
| `k8s.secret.sync` | Yes | Set to `"true"` to enable syncing |
| `k8s.secret.namespace` | Yes | Target K8s namespace for the secret |
| `k8s.secret.name` | Yes | Name of the K8s Secret to create |
| Attribute | Required | Default | Description |
|-----------|----------|---------|-------------|
| `k8s.secret.sync` | Yes | — | Set to `"true"` to enable syncing |
| `k8s.secret.namespace` | Yes | — | Target K8s namespace for the secret |
| `k8s.secret.name` | Yes | — | Name of the K8s Secret to create |
| `k8s.secret.client-id-key` | No | `client-id` | Field name for the client ID in the K8s Secret |
| `k8s.secret.client-secret-key` | No | `client-secret` | Field name for the client secret in the K8s Secret |
**Note on key names:** Different applications expect different field names. For example, the Gitea Helm chart expects `key` and `secret`, while a generic OIDC consumer might expect `client-id` and `client-secret`. Use the optional key attributes to match what the consuming application expects.
### Retrieving Secrets for External Deployments