Merge pull request #189 from world-direct/feature/188_config_keystore

#188: add support for configuration key store
2025-07-30 00:21:36 -07:00 · 2024-04-17 17:50:30 +02:00 · 2024-04-17 17:50:30 +02:00 · 4f8ed5194c
commit 4f8ed5194c
parent 462389cf0f e991bd32c8
10 changed files with 172 additions and 20 deletions
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -125,25 +125,41 @@ argument_specs:
                description: "Enable configuration of HTTPS via a key store"
                type: "bool"
            keycloak_quarkus_key_store_file:
+                default: ""
+                description: "Deprecated, use `keycloak_quarkus_https_key_store_file` instead."
+                type: "str"
+            keycloak_quarkus_key_store_password:
+                default: ""
+                description: "Deprecated, use `keycloak_quarkus_https_key_store_password` instead."
+                type: "str"
+            keycloak_quarkus_https_key_store_file:
                default: "{{ keycloak.home }}/conf/key_store.p12"
                description: "The file path to the key store"
                type: "str"
-            keycloak_quarkus_key_store_password:
+            keycloak_quarkus_https_key_store_password:
                default: ""
                description: "Password for the key store"
                type: "str"
            keycloak_quarkus_https_trust_store_enabled:
                default: false
-                description: "Enalbe confiugration of a trust store"
+                description: "Enable configuration of the https trust store"
                type: "bool"
-            keycloak_quarkus_trust_store_file:
+            keycloak_quarkus_https_trust_store_file:
                default: "{{ keycloak.home }}/conf/trust_store.p12"
                description: "The file path to the trust store"
                type: "str"
-            keycloak_quarkus_trust_store_password:
+            keycloak_quarkus_https_trust_store_password:
                default: ""
                description: "Password for the trust store"
                type: "str"
+            keycloak_quarkus_config_key_store_file:
+                default: "{{ keycloak.home }}/conf/conf_store.p12"
+                description: "Path to the configuration key store; only used if `keycloak_quarkus_keystore_password` is not empty"
+                type: "str"
+            keycloak_quarkus_config_key_store_password:
+                default: ""
+                description: "Password of the configuration key store; if non-empty, `keycloak_quarkus_db_pass` will be saved to the key store at `keycloak_quarkus_config_key_store_file` (instead of being written to the configuration file in clear text"
+                type: "str"
            keycloak_quarkus_https_port:
                default: 8443
                description: "HTTPS port"
@ -295,7 +311,7 @@ argument_specs:
            keycloak_quarkus_proxy_headers:
                default: ""
                type: "str"
-                description: "Parse reverse proxy headers (`forwarded` or `xforwardedPassword`), overrides the deprecated keycloak_quarkus_proxy_mode argument"
+                description: "Parse reverse proxy headers (`forwarded` or `xforwarded`), overrides the deprecated keycloak_quarkus_proxy_mode argument"
            keycloak_quarkus_start_dev:
                default: false
                type: "bool"