Secrets in KeycloakRealmImport CR

I’d like to use the Keycloak Operator and its Realm Importer (Keycloak Realm Import - Keycloak), i.e. the realm would be configured in a KeycloakRealmImport customer resource

My question: can I store secrets (e.g. the client secret of openid-connect clients) in a Kubernetes Secret and somehow reference them from the KeycloakRealmImport CR?

It would feel much better to keep secrets separated in secrets resources. And my company setup enforces me to do so: all kubernetes resources - except secrets – are readable by every employee, so I’d kind disclose them by placing them in a customer resource.

Did you ever find out how to do this? Looking at the same issue right now.

Hi, you can enable:

Then, in order to replace your value in realm.json file:

“clientSecret”: “${ENV_SECRET}”,

For local setup you will use Dockerfile:

And for other envs, you can just override this value.

1 Like