From a1a7c048c16e7588ccd720f58f0b15f6bd1053a3 Mon Sep 17 00:00:00 2001 From: Sten Date: Thu, 28 May 2026 16:51:04 +0200 Subject: [PATCH] docs(apps): clarify mcp deployment needs no auth-oidc secret --- apps/base/forte-drop-mcp/kustomization.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/base/forte-drop-mcp/kustomization.yaml b/apps/base/forte-drop-mcp/kustomization.yaml index 9d5338b..e91a747 100644 --- a/apps/base/forte-drop-mcp/kustomization.yaml +++ b/apps/base/forte-drop-mcp/kustomization.yaml @@ -3,4 +3,7 @@ kind: Kustomization resources: - forte-drop-mcp.yaml - keycloak-client-forte-drop-mcp.yaml -# - auth-oidc-sealed.yaml # added in follow-up commit +# Note: no auth-oidc Secret needed for type: mcp. The MCP sidecar only validates +# tokens against the OIDC issuer (RFC 9728 resource server) and never authenticates +# itself, so it doesn't read a client-secret. forte-drop-secrets (shared with the +# web deployment) covers PG + S3 creds.