Hey, I’m running a Docker container inside a Kubernetes pod and I have an issue with generating a password for the admin user.
So previously I’ve been using a static password for testing out my deployment and getting our application to work, and using that setup everything works just fine. The Dockerfile runs a user & password gen. script, then it runs a jboss-cli.sh script to embed the server:
# user/password
/opt/keycloak-4.8.3.Final/bin/add-user-keycloak.sh --user admin --password "$PASSWORD" --realm master
# jboss embed script
/opt/keycloak-4.8.3.Final/bin/jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)'
/opt/keycloak-4.8.3.Final/bin/jboss-cli.sh 'embed-server,/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=8443)'
/opt/keycloak-4.8.3.Final/bin/jboss-cli.sh 'embed-server,/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)'
The only problem here is that any password, even a randomly generated one, gets pushed up to Docker Hub, which is insecure.
I’ve tried using Supervisord to generate a random base64 password and then run the above commands at container startup, rather than in the Dockerfile. Only problem is that it always seems to break Apache inside the container, or I can’t access the admin console due to a “bad redirect uri”.
Any idea how to get around this? Thanks for the help.
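
One way to move the password step from image build to container start, as an added example that is not part of the original post. The secret mount path, the generated-password file and the `standalone.sh` start command are assumptions; the Keycloak path and the `add-user-keycloak.sh` arguments are the ones from the post.

```shell
#!/bin/sh
# Added example, not from the original post: entrypoint that sets the admin
# password when the container starts, so it never lands in an image layer.
set -eu

KC_HOME="${KC_HOME:-/opt/keycloak-4.8.3.Final}"  # install path from the post
# Assumption: a Kubernetes Secret is mounted as a file at this hypothetical path.
SECRET_FILE="${KEYCLOAK_PASSWORD_FILE:-/run/secrets/keycloak-admin-password}"
# Hypothetical location for a password generated because no Secret was mounted.
GENERATED_FILE="${KC_HOME}/standalone/configuration/admin-password.generated"

# 32 bytes from the kernel CSPRNG, base64-encoded: 44 characters.
gen_password() {
  head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print the mounted secret if present and non-empty, else a fresh random one.
resolve_password() {
  if [ -s "$1" ]; then
    tr -d '\r\n' < "$1"
  else
    gen_password
  fi
}

main() {
  pw="$(resolve_password "$SECRET_FILE")"
  if [ ! -s "$SECRET_FILE" ]; then
    # Keep the generated value readable by the container user only.
    ( umask 077; printf '%s\n' "$pw" > "$GENERATED_FILE" )
  fi
  # Same command as in the post, with the variable quoted. The value is still
  # visible in the process list inside the container while this runs.
  "$KC_HOME/bin/add-user-keycloak.sh" --user admin --password "$pw" --realm master
  unset pw
  # The jboss-cli.sh embed-server commands from the post carry no secret and
  # can stay in the Dockerfile. Assumption: Keycloak runs in standalone mode.
  exec "$KC_HOME/bin/standalone.sh" -b 0.0.0.0
}

# Run only where Keycloak is installed, so the helpers can be sourced and tested.
if [ -x "$KC_HOME/bin/add-user-keycloak.sh" ]; then
  main
fi
```

With this as the image's entrypoint, the Dockerfile no longer needs `$PASSWORD` as a build argument or environment value, so nothing secret is present in the layers that get pushed.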