titan-iac/services/keycloak/secretproviderclass.yaml

# services/keycloak/secretproviderclass.yaml
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: sso-vault
  namespace: sso
spec:
  provider: vault
  parameters:
    vaultAddress: "http://vault.vault.svc.cluster.local:8200"
    roleName: "sso"
    objects: |
      - objectName: "keycloak-db__POSTGRES_DATABASE"
        secretPath: "kv/data/atlas/sso/keycloak-db"
        secretKey: "POSTGRES_DATABASE"
      - objectName: "keycloak-db__POSTGRES_USER"
        secretPath: "kv/data/atlas/sso/keycloak-db"
        secretKey: "POSTGRES_USER"
      - objectName: "keycloak-db__POSTGRES_PASSWORD"
        secretPath: "kv/data/atlas/sso/keycloak-db"
        secretKey: "POSTGRES_PASSWORD"
      - objectName: "keycloak-admin__username"
        secretPath: "kv/data/atlas/shared/keycloak-admin"
        secretKey: "username"
      - objectName: "keycloak-admin__password"
        secretPath: "kv/data/atlas/shared/keycloak-admin"
        secretKey: "password"
      - objectName: "portal-e2e-client__client_id"
        secretPath: "kv/data/atlas/shared/portal-e2e-client"
        secretKey: "client_id"
      - objectName: "portal-e2e-client__client_secret"
        secretPath: "kv/data/atlas/shared/portal-e2e-client"
        secretKey: "client_secret"
      - objectName: "openldap-admin__LDAP_ADMIN_PASSWORD"
        secretPath: "kv/data/atlas/sso/openldap-admin"
        secretKey: "LDAP_ADMIN_PASSWORD"
      - objectName: "openldap-admin__LDAP_CONFIG_PASSWORD"
        secretPath: "kv/data/atlas/sso/openldap-admin"
        secretKey: "LDAP_CONFIG_PASSWORD"
      - objectName: "oauth2-proxy-oidc__client_id"
        secretPath: "kv/data/atlas/sso/oauth2-proxy-oidc"
        secretKey: "client_id"
      - objectName: "oauth2-proxy-oidc__client_secret"
        secretPath: "kv/data/atlas/sso/oauth2-proxy-oidc"
        secretKey: "client_secret"
      - objectName: "oauth2-proxy-oidc__cookie_secret"
        secretPath: "kv/data/atlas/sso/oauth2-proxy-oidc"
        secretKey: "cookie_secret"
  secretObjects:
    - secretName: openldap-admin
      type: Opaque
      data:
        - objectName: openldap-admin__LDAP_ADMIN_PASSWORD
          key: LDAP_ADMIN_PASSWORD
        - objectName: openldap-admin__LDAP_CONFIG_PASSWORD
          key: LDAP_CONFIG_PASSWORD
    - secretName: oauth2-proxy-oidc
      type: Opaque
      data:
        - objectName: oauth2-proxy-oidc__client_id
          key: client_id
        - objectName: oauth2-proxy-oidc__client_secret
          key: client_secret
        - objectName: oauth2-proxy-oidc__cookie_secret
          key: cookie_secret
vault: wire more services to CSI 2026-01-14 02:54:59 -03:00			`# services/keycloak/secretproviderclass.yaml`
			`apiVersion: secrets-store.csi.x-k8s.io/v1`
			`kind: SecretProviderClass`
			`metadata:`
			`name: sso-vault`
			`namespace: sso`
			`spec:`
			`provider: vault`
			`parameters:`
			`vaultAddress: "http://vault.vault.svc.cluster.local:8200"`
			`roleName: "sso"`
			`objects: \|`
			`- objectName: "keycloak-db__POSTGRES_DATABASE"`
			`secretPath: "kv/data/atlas/sso/keycloak-db"`
			`secretKey: "POSTGRES_DATABASE"`
			`- objectName: "keycloak-db__POSTGRES_USER"`
			`secretPath: "kv/data/atlas/sso/keycloak-db"`
			`secretKey: "POSTGRES_USER"`
			`- objectName: "keycloak-db__POSTGRES_PASSWORD"`
			`secretPath: "kv/data/atlas/sso/keycloak-db"`
			`secretKey: "POSTGRES_PASSWORD"`
			`- objectName: "keycloak-admin__username"`
			`secretPath: "kv/data/atlas/shared/keycloak-admin"`
			`secretKey: "username"`
			`- objectName: "keycloak-admin__password"`
			`secretPath: "kv/data/atlas/shared/keycloak-admin"`
			`secretKey: "password"`
			`- objectName: "portal-e2e-client__client_id"`
			`secretPath: "kv/data/atlas/shared/portal-e2e-client"`
			`secretKey: "client_id"`
			`- objectName: "portal-e2e-client__client_secret"`
			`secretPath: "kv/data/atlas/shared/portal-e2e-client"`
			`secretKey: "client_secret"`
			`- objectName: "openldap-admin__LDAP_ADMIN_PASSWORD"`
			`secretPath: "kv/data/atlas/sso/openldap-admin"`
			`secretKey: "LDAP_ADMIN_PASSWORD"`
			`- objectName: "openldap-admin__LDAP_CONFIG_PASSWORD"`
			`secretPath: "kv/data/atlas/sso/openldap-admin"`
			`secretKey: "LDAP_CONFIG_PASSWORD"`
vault: add remaining secret syncs 2026-01-14 06:16:42 -03:00			`- objectName: "oauth2-proxy-oidc__client_id"`
			`secretPath: "kv/data/atlas/sso/oauth2-proxy-oidc"`
			`secretKey: "client_id"`
			`- objectName: "oauth2-proxy-oidc__client_secret"`
			`secretPath: "kv/data/atlas/sso/oauth2-proxy-oidc"`
			`secretKey: "client_secret"`
			`- objectName: "oauth2-proxy-oidc__cookie_secret"`
			`secretPath: "kv/data/atlas/sso/oauth2-proxy-oidc"`
			`secretKey: "cookie_secret"`
			`secretObjects:`
			`- secretName: openldap-admin`
			`type: Opaque`
			`data:`
			`- objectName: openldap-admin__LDAP_ADMIN_PASSWORD`
			`key: LDAP_ADMIN_PASSWORD`
			`- objectName: openldap-admin__LDAP_CONFIG_PASSWORD`
			`key: LDAP_CONFIG_PASSWORD`
			`- secretName: oauth2-proxy-oidc`
			`type: Opaque`
			`data:`
			`- objectName: oauth2-proxy-oidc__client_id`
			`key: client_id`
			`- objectName: oauth2-proxy-oidc__client_secret`
			`key: client_secret`
			`- objectName: oauth2-proxy-oidc__cookie_secret`
			`key: cookie_secret`