How to pass client secret securely and automatically to microservice


I have a microservice deployment and want to use Keycloak service accounts to provide secure, authenticated east-west traffic between microservices with JWT tokens.

For each of our microservices we create a client in Keycloak. Then for the client we enable authentication. These things are automated. However, it's not clear to me how to automatically pass the client id and secret to the microservice. The microservice needs the client id and secret to fetch a JWT token that it will use to call other microservices later. Of course we could manually get the client id and secret and store them in the microservice, but this creates operational burden for large deployments with many microservices or when rotating client credentials.

Are there any authentication flows in Keycloak which support this "securely pass client credentials to microservice" task, or even avoid sharing credentials but still allow for authentication? Could also be that this step just has to be manual and cannot be automated…appreciate your help/sharing your experiences on this!
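As an added example (not code from the original post, and not part of Keycloak itself), here is the token-fetching side of the setup described above: the microservice reads its client id and secret from a secret mounted at deploy time rather than from its image, exchanges them at the realm token endpoint with the client credentials grant, and caches the access token until shortly before it expires so the secret is re-read on every refresh and a rotated secret is picked up without a restart. The mount directory variable `SERVICE_ACCOUNT_DIR`, the file names `client_id`/`client_secret`, and the injectable transport are assumptions made for this example; the token endpoint path is the standard Keycloak one.

```python
"""Added example: client-credentials token helper for a Keycloak service account.

Assumptions (not stated in the post):
  * client id and secret are files under the directory named by the environment
    variable SERVICE_ACCOUNT_DIR (e.g. a mounted secret), never baked into the image;
  * the realm token endpoint is Keycloak's /realms/<realm>/protocol/openid-connect/token.
The HTTP transport is injectable so the helper can be exercised offline.
"""
import base64
import json
import os
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional


def load_client_credentials(secret_dir: str) -> Dict[str, str]:
    """Read client_id and client_secret from files in a mounted secret directory.

    The files are read fresh on every call, so a rotated secret written to the
    mount by the deployment tooling is used at the next token refresh.
    """
    creds = {}
    for name in ("client_id", "client_secret"):
        with open(os.path.join(secret_dir, name), "r", encoding="utf-8") as fh:
            creds[name] = fh.read().strip()
    return creds


def build_token_request(base_url: str, realm: str, client_id: str,
                        client_secret: str) -> urllib.request.Request:
    """Build the client-credentials token request (RFC 6749 section 4.4).

    The client authenticates with HTTP Basic (client_secret_basic), so the secret
    travels only in the Authorization header, not in the form body or the URL.
    """
    url = (f"{base_url.rstrip('/')}/realms/{urllib.parse.quote(realm)}"
           "/protocol/openid-connect/token")
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    # RFC 6749 2.3.1: form-urlencode id and secret before Basic-encoding them.
    pair = f"{urllib.parse.quote(client_id)}:{urllib.parse.quote(client_secret)}"
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", "Basic " + base64.b64encode(pair.encode()).decode())
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    return req


Transport = Callable[[urllib.request.Request], Dict]


def urllib_transport(req: urllib.request.Request) -> Dict:
    """Default transport: send the request and parse the JSON token response."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class ServiceAccountToken:
    """Caches the access token and refreshes it `leeway` seconds before expiry."""

    def __init__(self, base_url: str, realm: str, secret_dir: str,
                 transport: Transport = urllib_transport, leeway: float = 30,
                 clock: Callable[[], float] = time.time):
        self.base_url, self.realm, self.secret_dir = base_url, realm, secret_dir
        self.transport, self.leeway, self.clock = transport, leeway, clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _fetch(self) -> None:
        creds = load_client_credentials(self.secret_dir)
        req = build_token_request(self.base_url, self.realm,
                                  creds["client_id"], creds["client_secret"])
        resp = self.transport(req)
        if "access_token" not in resp:
            # Keycloak returns {"error": ..., "error_description": ...} on failure.
            raise RuntimeError(f"token endpoint error: {resp.get('error', 'unknown')}")
        self._token = resp["access_token"]
        self._expires_at = self.clock() + float(resp.get("expires_in", 0))

    def get_bearer_header(self) -> Dict[str, str]:
        """Return the header to attach to east-west calls, refreshing when needed."""
        if self._token is None or self.clock() >= self._expires_at - self.leeway:
            self._fetch()
        return {"Authorization": f"Bearer {self._token}"}


if __name__ == "__main__":
    # Real use: KEYCLOAK_URL and KEYCLOAK_REALM are assumed environment variables.
    svc = ServiceAccountToken(os.environ["KEYCLOAK_URL"], os.environ["KEYCLOAK_REALM"],
                              os.environ["SERVICE_ACCOUNT_DIR"])
    print(svc.get_bearer_header())
```

Because the secret is only ever read from the mount and the token is refreshed from it, rotating the client secret becomes a matter of updating the mounted secret; the service never needs to be rebuilt or have the value pasted into its configuration.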