Add secret for oidc

manifests/vault/values.yaml

@@ -1,4 +1,6 @@
 server:
+  envFromSecret: vault-oidc-secret
+
   dataStorage:
     enabled: true
     size: 1Gi
@@ -20,8 +22,27 @@ server:
 
       disable_mlock = true
 
+      auth "oidc" {
+        config = {
+          oidc_discovery_url = "https://keycloak.dvirlabs.com/realms/lab"
+          oidc_client_id     = "vault"
+          oidc_client_secret = "{{ env "VAULT_OIDC_CLIENT_SECRET" }}"
+          default_role       = "vault-admins"
+        }
+      }
+
+      role "vault-admins" {
+        bound_audiences = "vault"
+        allowed_redirect_uris = "https://vault.dvirlabs.com/ui/vault/auth/oidc/oidc/callback"
+        user_claim = "sub"
+        groups_claim = "groups"
+        bound_claims = { "groups": "vault-admins" }
+        policies = ["vault-admin"]
+      }
+
   extraEnvironmentVars:
     VAULT_ADDR: http://127.0.0.1:8200
+    VAULT_OIDC_CLIENT_SECRET: {{ .Values.oidc.clientSecret | quote }}
 
 ui:
   enabled: true
@@ -41,8 +62,11 @@ ingress:
     - hosts:
         - vault.dvirlabs.com
 
-# ✅ Disable CSI fully
 csi:
   enabled: false
   agent:
     enabled: false
+
+# Custom section for value injection
+oidc:
+  clientSecret: ${VAULT_OIDC_CLIENT_SECRET}

manifests/vault/vault-oidc-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vault-oidc-secret
+  namespace: dev-tools
+type: Opaque
+stringData:
+  VAULT_OIDC_CLIENT_SECRET: 8GWiUqwUZimb4xXHqFNTYCrTkKyc9hrY