parent
79fa6bb3c9
commit
4d2f86202d
18 changed files with 82 additions and 283 deletions
|
@ -1,13 +1,11 @@
|
|||
package org.keycloak.config;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.Map;
|
||||
|
||||
public class VaultOptions {
|
||||
|
||||
public enum Provider {
|
||||
file,
|
||||
hashicorp;
|
||||
file;
|
||||
}
|
||||
|
||||
public static final Option VAULT = new OptionBuilder<>("vault", Provider.class)
|
||||
|
@ -21,23 +19,4 @@ public class VaultOptions {
|
|||
.description("If set, secrets can be obtained by reading the content of files within the given directory.")
|
||||
.build();
|
||||
|
||||
public static final Option VAULT_UNMAPPED = new OptionBuilder<>("vault-", String.class)
|
||||
.category(OptionCategory.VAULT)
|
||||
.description("Maps any vault option to their corresponding properties in quarkus-vault extension.")
|
||||
.hidden()
|
||||
.buildTime(true)
|
||||
.build();
|
||||
|
||||
public static final Option VAULT_URL = new OptionBuilder<>("vault-url", String.class)
|
||||
.category(OptionCategory.VAULT)
|
||||
.description("The vault server url.")
|
||||
.hidden()
|
||||
.buildTime(true)
|
||||
.build();
|
||||
|
||||
public static final Option VAULT_KV_PATHS = new OptionBuilder("vault-kv-paths", Map.class, String.class)
|
||||
.category(OptionCategory.VAULT)
|
||||
.description("A set of one or more key/value paths that should be used when looking up secrets.")
|
||||
.hidden()
|
||||
.build();
|
||||
}
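Review bot: Dropping `hashicorp` from `Provider`, together with `VAULT_UNMAPPED`, `VAULT_URL` and `VAULT_KV_PATHS`, leaves nothing in this class telling an operator why a previously accepted `--vault=hashicorp` or a leftover `vault-url` / `vault-kv-paths` setting no longer works. These options decide where the server reads its secrets from, so it is worth confirming that a leftover value stops startup with a clear error rather than being ignored and leaving secrets unresolved; how an unknown enum value or unmapped `vault-` key is handled is not visible from these hunks. At minimum I would document the remaining value above `file;`, for example `// Only the file-based vault is supported; the HashiCorp provider and its vault-url / vault-kv-paths options were removed.`. The `VAULT` builder chain that starts at the end of the first hunk continues outside it.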
|
||||
|
|
|
@ -101,11 +101,6 @@
|
|||
<artifactId>rest-assured</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.quarkiverse.vault</groupId>
|
||||
<artifactId>quarkus-vault-deployment</artifactId>
|
||||
<version>${io.quarkiverse.vault.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
|
|
@ -47,11 +47,6 @@
|
|||
<sun.saaj-impl.version>1.4.1.SP1</sun.saaj-impl.version>
|
||||
<org.jvnet.staxex.version>1.8.3</org.jvnet.staxex.version>
|
||||
|
||||
<!--
|
||||
Quarkiverse dependency versions
|
||||
-->
|
||||
<io.quarkiverse.vault.version>2.0.0</io.quarkiverse.vault.version>
|
||||
|
||||
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||
<maven.compiler.plugin.version>3.8.1</maven.compiler.plugin.version>
|
||||
<maven.compiler.release>11</maven.compiler.release>
|
||||
|
|
|
@ -96,11 +96,6 @@
|
|||
<groupId>org.wildfly.security</groupId>
|
||||
<artifactId>wildfly-elytron</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>io.quarkiverse.vault</groupId>
|
||||
<artifactId>quarkus-vault</artifactId>
|
||||
<version>${io.quarkiverse.vault.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- CLI -->
|
||||
<dependency>
|
||||
|
|
|
@ -17,17 +17,6 @@ final class VaultPropertyMappers {
|
|||
fromOption(VaultOptions.VAULT_DIR)
|
||||
.to("kc.spi-vault-file-dir")
|
||||
.paramLabel("dir")
|
||||
.build(),
|
||||
fromOption(VaultOptions.VAULT_UNMAPPED)
|
||||
.to("quarkus.vault.")
|
||||
.build(),
|
||||
fromOption(VaultOptions.VAULT_URL)
|
||||
.to("quarkus.vault.url")
|
||||
.paramLabel("paths")
|
||||
.build(),
|
||||
fromOption(VaultOptions.VAULT_KV_PATHS)
|
||||
.to("kc.spi-vault-hashicorp-paths")
|
||||
.paramLabel("paths")
|
||||
.build()
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,67 +0,0 @@
|
|||
/*
|
||||
* Copyright 2021 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.quarkus.runtime.vault;
|
||||
|
||||
import static org.keycloak.vault.DefaultVaultRawSecret.forBuffer;
|
||||
|
||||
import java.nio.CharBuffer;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Optional;
|
||||
|
||||
import org.keycloak.vault.AbstractVaultProvider;
|
||||
import org.keycloak.vault.VaultKeyResolver;
|
||||
import org.keycloak.vault.VaultRawSecret;
|
||||
|
||||
import io.quarkus.vault.VaultKVSecretEngine;
|
||||
|
||||
public class QuarkusVaultProvider extends AbstractVaultProvider {
|
||||
|
||||
private VaultKVSecretEngine secretEngine;
|
||||
private String[] kvPaths;
|
||||
|
||||
public QuarkusVaultProvider(VaultKVSecretEngine secretEngine, String[] kvPaths, String realm, List<VaultKeyResolver> keyResolvers) {
|
||||
super(realm, keyResolvers);
|
||||
this.secretEngine = secretEngine;
|
||||
this.kvPaths = kvPaths;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected VaultRawSecret obtainSecretInternal(String key) {
|
||||
if (kvPaths == null) {
|
||||
return forBuffer(Optional.empty());
|
||||
}
|
||||
|
||||
for (String path : kvPaths) {
|
||||
Map<String, String> secrets = secretEngine.readSecret(path);
|
||||
String secret = secrets.get(key);
|
||||
|
||||
if (secret != null) {
|
||||
return forBuffer(Optional.of(StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret))));
|
||||
}
|
||||
}
|
||||
|
||||
return forBuffer(Optional.empty());
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
}
|
|
@ -1,89 +0,0 @@
|
|||
/*
|
||||
* Copyright 2021 Red Hat, Inc. and/or its affiliates
|
||||
* and other contributors as indicated by the @author tags.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.keycloak.quarkus.runtime.vault;
|
||||
|
||||
import org.keycloak.Config;
|
||||
import org.keycloak.models.KeycloakSession;
|
||||
import org.keycloak.models.KeycloakSessionFactory;
|
||||
import org.keycloak.provider.EnvironmentDependentProviderFactory;
|
||||
import org.keycloak.quarkus.runtime.configuration.Configuration;
|
||||
import org.keycloak.vault.AbstractVaultProviderFactory;
|
||||
import org.keycloak.vault.VaultProvider;
|
||||
|
||||
import io.quarkus.arc.Arc;
|
||||
import io.quarkus.arc.InstanceHandle;
|
||||
import io.quarkus.vault.VaultKVSecretEngine;
|
||||
import io.quarkus.vault.runtime.VaultConfigHolder;
|
||||
|
||||
public class QuarkusVaultProviderFactory extends AbstractVaultProviderFactory implements EnvironmentDependentProviderFactory {
|
||||
|
||||
private String[] kvPaths;
|
||||
private VaultKVSecretEngine secretEngine;
|
||||
|
||||
@Override
|
||||
public VaultProvider create(KeycloakSession session) {
|
||||
return new QuarkusVaultProvider(secretEngine, kvPaths, getRealmName(session), super.keyResolvers);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void init(Config.Scope config) {
|
||||
super.init(config);
|
||||
kvPaths = config.getArray("paths");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void postInit(KeycloakSessionFactory factory) {
|
||||
InstanceHandle<VaultKVSecretEngine> engineInstance = Arc.container().instance(VaultKVSecretEngine.class);
|
||||
|
||||
if (engineInstance.isAvailable()) {
|
||||
secretEngine = engineInstance.get();
|
||||
}
|
||||
|
||||
InstanceHandle<VaultConfigHolder> configInstance = Arc.container().instance(VaultConfigHolder.class);
|
||||
|
||||
if (!configInstance.isAvailable() || configInstance.get().getVaultBootstrapConfig() == null) {
|
||||
throw new RuntimeException("No configuration defined for hashicorp provider.");
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getId() {
|
||||
return "hashicorp";
|
||||
}
|
||||
|
||||
@Override
|
||||
public int order() {
|
||||
return 10;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSupported(Config.Scope config) {
|
||||
return getId().equals(Configuration.getRawValue("kc.vault"));
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isSupported() {
|
||||
// in quarkus we do not use this method when installing providers
|
||||
return false;
|
||||
}
|
||||
}
|
|
@ -1,2 +1 @@
|
|||
org.keycloak.quarkus.runtime.vault.FilesPlainTextVaultProviderFactory
|
||||
org.keycloak.quarkus.runtime.vault.QuarkusVaultProviderFactory
|
||||
|
|
|
@ -78,7 +78,7 @@ Metrics:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
|
||||
Examples:
|
||||
|
||||
|
|
|
@ -43,24 +43,25 @@ Transaction:
|
|||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin2, docker,
|
||||
impersonation, openshift-integration, scripts, token-exchange, web-authn,
|
||||
client-policies, ciba, map-storage, par, declarative-user-profile,
|
||||
dynamic-scopes, client-secret-rotation, step-up-authentication,
|
||||
recovery-codes, update-email, js-adapter, preview.
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin2, docker,
|
||||
impersonation, openshift-integration, scripts, token-exchange, web-authn,
|
||||
client-policies, ciba, map-storage, par, declarative-user-profile,
|
||||
dynamic-scopes, client-secret-rotation, step-up-authentication,
|
||||
recovery-codes, update-email, js-adapter, preview.
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
|
||||
HTTP/TLS:
|
||||
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. Default: /.
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
|
||||
Health:
|
||||
|
||||
|
@ -77,7 +78,7 @@ Metrics:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
|
||||
Examples:
|
||||
|
||||
|
|
|
@ -164,7 +164,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -66,19 +66,19 @@ Transaction:
|
|||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin2, docker,
|
||||
impersonation, openshift-integration, scripts, token-exchange, web-authn,
|
||||
client-policies, ciba, map-storage, par, declarative-user-profile,
|
||||
dynamic-scopes, client-secret-rotation, step-up-authentication,
|
||||
recovery-codes, update-email, js-adapter, preview.
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin2, docker,
|
||||
impersonation, openshift-integration, scripts, token-exchange, web-authn,
|
||||
client-policies, ciba, map-storage, par, declarative-user-profile,
|
||||
dynamic-scopes, client-secret-rotation, step-up-authentication,
|
||||
recovery-codes, update-email, js-adapter, preview.
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -113,7 +113,8 @@ HTTP/TLS:
|
|||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. Default: /.
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
|
@ -163,7 +164,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -222,7 +222,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -124,19 +124,19 @@ Transaction:
|
|||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin-api, admin, admin2,
|
||||
docker, impersonation, openshift-integration, scripts, token-exchange,
|
||||
web-authn, client-policies, ciba, map-storage, par,
|
||||
declarative-user-profile, dynamic-scopes, client-secret-rotation,
|
||||
step-up-authentication, recovery-codes, update-email, js-adapter, preview.
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin-api, admin, admin2,
|
||||
docker, impersonation, openshift-integration, scripts, token-exchange,
|
||||
web-authn, client-policies, ciba, map-storage, par,
|
||||
declarative-user-profile, dynamic-scopes, client-secret-rotation,
|
||||
step-up-authentication, recovery-codes, update-email, js-adapter, preview.
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -222,7 +222,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -170,7 +170,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -72,19 +72,19 @@ Transaction:
|
|||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin2, docker,
|
||||
impersonation, openshift-integration, scripts, token-exchange, web-authn,
|
||||
client-policies, ciba, map-storage, par, declarative-user-profile,
|
||||
dynamic-scopes, client-secret-rotation, step-up-authentication,
|
||||
recovery-codes, update-email, js-adapter, preview.
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin2, docker,
|
||||
impersonation, openshift-integration, scripts, token-exchange, web-authn,
|
||||
client-policies, ciba, map-storage, par, declarative-user-profile,
|
||||
dynamic-scopes, client-secret-rotation, step-up-authentication,
|
||||
recovery-codes, update-email, js-adapter, preview.
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -119,7 +119,8 @@ HTTP/TLS:
|
|||
--http-host <host> The used HTTP Host. Default: 0.0.0.0.
|
||||
--http-port <port> The used HTTP port. Default: 8080.
|
||||
--http-relative-path <path>
|
||||
Set the path relative to '/' for serving resources. Default: /.
|
||||
Set the path relative to '/' for serving resources. The path must start with a
|
||||
'/'. Default: /.
|
||||
--https-certificate-file <file>
|
||||
The file path to a server certificate or certificate chain in PEM format.
|
||||
--https-certificate-key-file <file>
|
||||
|
@ -169,7 +170,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -228,7 +228,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|
|
@ -130,19 +130,19 @@ Transaction:
|
|||
|
||||
Feature:
|
||||
|
||||
--features <feature> Enables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin-api, admin, admin2,
|
||||
docker, impersonation, openshift-integration, scripts, token-exchange,
|
||||
web-authn, client-policies, ciba, map-storage, par,
|
||||
declarative-user-profile, dynamic-scopes, client-secret-rotation,
|
||||
step-up-authentication, recovery-codes, update-email, js-adapter, preview.
|
||||
--features <feature> Enables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
--features-disabled <feature>
|
||||
Disables a set of one or more features. Possible values are: authorization,
|
||||
account2, account-api, admin-fine-grained-authz, admin-api, admin, admin2,
|
||||
docker, impersonation, openshift-integration, scripts, token-exchange,
|
||||
web-authn, client-policies, ciba, map-storage, par,
|
||||
declarative-user-profile, dynamic-scopes, client-secret-rotation,
|
||||
step-up-authentication, recovery-codes, update-email, js-adapter, preview.
|
||||
Disables a set of one or more features. Possible values are: account-api,
|
||||
account2, admin, admin-api, admin-fine-grained-authz, admin2, authorization,
|
||||
ciba, client-policies, client-secret-rotation, declarative-user-profile,
|
||||
docker, dynamic-scopes, impersonation, js-adapter, map-storage,
|
||||
openshift-integration, par, preview, recovery-codes, scripts,
|
||||
step-up-authentication, token-exchange, update-email, web-authn.
|
||||
|
||||
Hostname:
|
||||
|
||||
|
@ -228,7 +228,7 @@ Proxy:
|
|||
|
||||
Vault:
|
||||
|
||||
--vault <provider> Enables a vault provider. Possible values are: file, hashicorp.
|
||||
--vault <provider> Enables a vault provider. Possible values are: file.
|
||||
--vault-dir <dir> If set, secrets can be obtained by reading the content of files within the
|
||||
given directory.
|
||||
|
||||
|
|