#188: keycloak_quarkus: allow setting "sensitive options" using a Java KeyStore file #188

2025-08-29 17:31:50 -07:00 · 2024-04-16 09:39:03 +02:00 · 2024-04-16 09:39:03 +02:00 · 0ee29eb483
commit 0ee29eb483
parent 60ca798e1a
7 changed files with 94 additions and 0 deletions
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -152,6 +152,14 @@ argument_specs:
                default: ""
                description: "Password for the trust store"
                type: "str"
+            keycloak_quarkus_config_key_store_file:
+                default: "{{ keycloak.home }}/conf/conf_store.p12"
+                description: "Path to the configuration key store; only used if `keycloak_quarkus_keystore_password` is not empty"
+                type: "str"
+            keycloak_quarkus_config_key_store_password:
+                default: ""
+                description: "Password of the configuration key store; if non-empty, `keycloak_quarkus_db_pass` will be saved to the key store at `keycloak_quarkus_config_key_store_file` (instead of being written to the configuration file in clear text"
+                type: "str"
            keycloak_quarkus_https_port:
                default: 8443
                description: "HTTPS port"