Re: [keycloak-user] Unable to query currently set bindCredentials for LDAP

I am using Puppet to automate the configuration of my Keycloak server and one thing I automate is the addition of LDAP authentication backends.  I have discovered that bindCredential comes back as "**********" [1] which prevents Puppet from knowing if the value is set correctly.  Is there a way to have Keycloak return the actual value that’s stored in the database?  I have found where in the database this is stored but I’d rather not have to resort to direct database queries with Puppet as that would severely limit the database backends I can support. If there is no way to expose actual bindCredential value, is there a way to test that the currently set bind credentials actually work?  I have noticed that something like testLDAPConnection has to be provided the bind credentials rather than reading them from the realm’s configured LDAP. Thanks, - Trey [1] > $ /opt/keycloak/bin/kcadm.sh get components/OSC-LDAP-osc -r osc --no-config --server http://localhost:8080/auth --realm master --user admin --password <OMIT> | jq .config.bindCredential > Logging into http://localhost:8080/auth as user admin of realm master [   "**********" ] -- Trey Dockendorf HPC Systems Engineer Ohio Supercomputer Center _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user