Presentation

Managing Keycloak client secrets with Vault

A common practice to secure services is to use OAuth2. Keycloak is an open source implementation of OAuth’s authorization server and a widely adopted technology across the IT industry. A delicate but important part of the OAuth setup is the distribution of sensitive client secrets to backend applications. In this talk I’ll show how we use our Vault Keycloak plugin to distribute client secrets directly to an application running in Nomad. You will learn how to avoid manually provisioning Keycloak client secrets in your application deployment, thereby mitigating the risk of exposing sensitive data.

