Connect vault to oidc

2025-05-09 15:46:46 +03:00 · 2025-05-09 15:46:46 +03:00 · 288641775f
commit 288641775f
parent 08c90731f2
1 changed files with 25 additions and 0 deletions
--- a/manifests/vault/values.yaml
+++ b/manifests/vault/values.yaml
@ -20,6 +20,31 @@ server:

      disable_mlock = true

+  extraEnvironmentVars:
+    VAULT_ADDR: http://127.0.0.1:8200
+
+  postStart:
+    command:
+      - /bin/sh
+      - -c
+      - |
+        export VAULT_ADDR=http://127.0.0.1:8200
+        vault auth enable oidc
+
+        vault write auth/oidc/config \
+          oidc_discovery_url="https://<KEYCLOAK_URL>/realms/<REALM_NAME>" \
+          oidc_client_id="vault" \
+          oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \
+          default_role="vault-role"
+
+        vault write auth/oidc/role/vault-role \
+          bound_audiences="vault" \
+          allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \
+          user_claim="preferred_username" \
+          groups_claim="groups" \
+          oidc_scopes="profile email groups" \
+          policies="default" \
+          ttl="1h"

 ui:
  enabled: true