Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: adds handling for a KC_CLI_PASSWORD env variable #29430

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: adds handling for a KC_CLI_PASSWORD env variable #29430

wants to merge 1 commit into from
+95 −306

Conversation

shawkins
Copy link
Contributor

@shawkins shawkins commented May 9, 2024
edited

closes: #21961

Went the route of picocli defaults for this. We could consider adding a general default handler, but option keys for the "secrets" don't seem consistent.

The other possible "secret" env variables (not addressed in this pr) include:

  • the truststore password (although we are trying to move away from truststores that require a password)
  • the initial token
  • the registration token

@shawkins shawkins requested review from a team as code owners May 9, 2024 20:20
This was referenced May 9, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@keycloak-github-bot keycloak-github-bot bot mentioned this pull request May 9, 2024
Closed
vmuzikar
vmuzikar reviewed May 20, 2024
View reviewed changes
Copy link
Contributor

@vmuzikar vmuzikar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shawkins Thanks for this enhancement.

I think it might be good to also document it that it now accepts env var? Possibly here?

...on/client-cli/admin-cli/src/main/java/org/keycloak/client/cli/common/BaseAuthOptionsCmd.java Outdated Show resolved Hide resolved
...ent-cli/admin-cli/src/main/java/org/keycloak/client/cli/common/BaseConfigCredentialsCmd.java Outdated Show resolved Hide resolved
@shawkins
Copy link
Contributor Author

@vmuzikar updated the punctuation / typo. I'm now thinking this is probably too narrow in scope. Users would expect the same behavior for the client secret, store pass, etc. Does it seem ok to expend the effort for all of these?

@vmuzikar
Copy link
Contributor

Does it seem ok to expend the effort for all of these?

Works for me.

@shawkins shawkins force-pushed the iss21961 branch 3 times, most recently from ec86078 to 1e26c33 Compare May 23, 2024 17:06
@shawkins
fix: adds handling for all kcadm prompts as env variables
fbeda94 
closes: keycloak#21961

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
@shawkins
Copy link
Contributor Author

@vmuzikar updated to all kcadm sensitive options, which covers some of kcreg as well. Added a few mentions in the docs. Can also add a v26 release note if desired.

This was referenced May 28, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mabartos mabartos Awaiting requested review from mabartos

@vmuzikar vmuzikar Awaiting requested review from vmuzikar

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
flaky-test team/cloud-native team/core-clients team/core-iam
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow to provider password to kcadm (keycloak-admin-cli) via environment variable
2 participants
@shawkins @vmuzikar