From 288641775f4f5ce8ab84fb7c22149b22307686d5 Mon Sep 17 00:00:00 2001 From: dvirlabs Date: Fri, 9 May 2025 15:46:46 +0300 Subject: [PATCH] Connect vault to oidc --- manifests/vault/values.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/manifests/vault/values.yaml b/manifests/vault/values.yaml index 2b60c1d..d418b4e 100644 --- a/manifests/vault/values.yaml +++ b/manifests/vault/values.yaml @@ -20,6 +20,31 @@ server: disable_mlock = true + extraEnvironmentVars: + VAULT_ADDR: http://127.0.0.1:8200 + + postStart: + command: + - /bin/sh + - -c + - | + export VAULT_ADDR=http://127.0.0.1:8200 + vault auth enable oidc + + vault write auth/oidc/config \ + oidc_discovery_url="https:///realms/" \ + oidc_client_id="vault" \ + oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY" \ + default_role="vault-role" + + vault write auth/oidc/role/vault-role \ + bound_audiences="vault" \ + allowed_redirect_uris="https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback" \ + user_claim="preferred_username" \ + groups_claim="groups" \ + oidc_scopes="profile email groups" \ + policies="default" \ + ttl="1h" ui: enabled: true
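Review bot: The OIDC client secret is committed in plaintext in `oidc_client_secret="8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY"`; a Helm values file in git is not a secret store, and a credential that has landed in history should be treated as exposed and rotated at the identity provider. Inject it from a Kubernetes Secret instead via the chart's `extraSecretEnvironmentVars` (an `envName`/`secretName`/`secretKey` entry pointing at a `<placeholder-secret-name>`) and write `oidc_client_secret="$VAULT_OIDC_CLIENT_SECRET"` in the script. `oidc_discovery_url="https:///realms/"` has an empty host and empty realm, so the config write cannot succeed as committed; it looks like placeholders were stripped and the real issuer URL needs to go back in. The postStart script also runs `vault auth enable oidc` unconditionally, which presumably fails on every restart after the first because the mount already exists, and nothing in the hunk supplies a VAULT_TOKEN for the `vault write` calls — confirm how the hook authenticates and whether Vault is unsealed at that point before relying on it. Consider `set -e` as the first line of the script so a failed step surfaces rather than leaving a half-configured auth mount.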