[keycloak-dev] Suggestion of fields covered by Vault SPI

Michal Hajas mhajas at redhat.com
Thu Aug 22 02:29:09 EDT 2019


Hi all,

we are getting together fields that can obtain their value from the vault.
We decided to start with a small subset of fields and then add more
if needed.

The suggested subset is the following:
 - SMTP password
 - LDAP password
 - Identity provider secret
 - Client secret (should be easy)

There are also other fields which we were considering, however, we decided
not to add them for now. Feel free to comment on any of these fields or
suggest new ones. We are open to adding any new fields in case of reasonable
arguments.

 - KeyProviders - This part should be probably added soon as some follow-up
work. It might be a little bit tricky as we don't want to duplicate each
KeyProvider with its Vault*KeyProvider version.
 - Saml keys (private key for signing, encryption)
 - External tokens from identity brokering
 - User credentials (hashed passwords, OTP secrets, etc.)
 - Credential Attributes
 - Federated User Credentials
 - Federated User Credential Attributes

Best regards,
Michal

