Hello,
I am running Keycloak inside of a container using the jboss/keycloak image.
I am importing a .json realm in the Dockerfile. In this realm I define an identity provider with a client secret that I wrote in plain text. I would like to set this client secret as an environment variable for security reasons. So here is what I do:
In my docker-compose.yml file I specify the env variable MY_CLIENT_SECRET:

    version: "2.1"
    services:
      keycloak:
        build:
          context: ./keycloak
        environment:
          MY_CLIENT_SECRET: my_secret
          KEYCLOAK_USER: kcadmin
          KEYCLOAK_PASSWORD: kcadmin
        ports:
          - "7072:8080"
        networks:
          - my_network

In my kc-realm.json file I specify the client secret like so:

    ...
    "identityProviders": [
      {
        "alias": "my_alias",
        "internalId": "my_internalId",
        "providerId": "my_provider_id",
        "enabled": true,
        "updateProfileFirstLoginMode": "on",
        "trustEmail": false,
        "storeToken": false,
        "addReadTokenRoleOnCreate": false,
        "authenticateByDefault": false,
        "linkOnly": false,
        "firstBrokerLoginFlowAlias": "first broker login",
        "config": {
          "syncMode": "IMPORT",
          "clientSecret": "${env.MY_CLIENT_SECRET}",
          "clientId": "my_client_id",
          "useJwksUrl": "true"
        }
      }
    ],
    ...

And in my Dockerfile I import the realm like so:

    FROM jboss/keycloak:11.0.0
    COPY ./kc-realm.json /tmp/kc-realm.json
    CMD ["-b", "0.0.0.0", \
         "-Dkeycloak.import=/tmp/kc-realm.json"]

However, the environment variable is not imported correctly.
What am I missing?
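
One way to avoid depending on placeholder resolution during the import is to fill in the `${env.NAME}` placeholders yourself before Keycloak reads the file. The following is an added example, not part of the original post and not Keycloak's own tooling: `render_realm` and its two path arguments are hypothetical names, and it assumes an `awk` is available in the image and that the function is called from a wrapper entrypoint before Keycloak starts.

```shell
#!/bin/sh
# Added example: render ${env.NAME} placeholders before Keycloak reads the file.
# render_realm and both path arguments are hypothetical names.

render_realm() {
    template=$1
    output=$2
    tmp="${output}.tmp.$$"
    old_umask=$(umask)
    umask 077    # the rendered file contains the secret: owner-only access

    if awk '
        # Escape backslash and double quote so the value stays a valid JSON string.
        function json_escape(s,    i, c, r) {
            r = ""
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (c == "\\" || c == "\"") r = r "\\"
                r = r c
            }
            return r
        }
        {
            line = $0; out = ""
            # Bracket expressions keep the pattern portable across awk variants.
            while (match(line, /[$][{]env[.][A-Za-z_][A-Za-z0-9_]*[}]/)) {
                name = substr(line, RSTART + 6, RLENGTH - 7)
                if (ENVIRON[name] == "") {
                    print "render_realm: " name " is unset or empty" > "/dev/stderr"
                    exit 1
                }
                out = out substr(line, 1, RSTART - 1) json_escape(ENVIRON[name])
                line = substr(line, RSTART + RLENGTH)
            }
            print out line
        }
    ' "$template" > "$tmp"; then
        mv "$tmp" "$output"
        rc=0
    else
        rm -f "$tmp"    # never leave a half-rendered realm file behind
        rc=1
    fi
    umask "$old_umask"
    return "$rc"
}
```

A missing or empty variable makes the function return non-zero without writing the output file, so the container can refuse to start instead of importing a realm with a literal placeholder as the client secret.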