Secret Management and Keycloak

Can a user get his own password from Keycloak? What is the most secure way to get user secrets from Keycloak? My goal is to use Keycloak for secrets access, because I use IoT devices as users of Keycloak. The identity of each IoT device is stored on the device, and the device can request authentication for itself from Keycloak. Is it okay to use Keycloak?

No, passwords are saved hashed on Keycloak.
For managing secrets, use something like Infisical or Vault.

2 Likes

I found some resources on integrating Keycloak and Vault. But I also see from the documentation that Keycloak has a built-in vault. How do you enable it if you are using Docker? Then how do you fetch from it? I mean, where do you get the secrets: from the admin console, from the environment variables, or what?

Thanks

You mean "Using a vault - Keycloak"?

It exists for Keycloak to have a safe way to obtain secrets, not for providing secrets to clients.

Also, be aware of Removing Hashicorp Support · keycloak/keycloak · Discussion #16446 · GitHub