SSO for HashiCorp Vault
In this post I will show you how to configure HashiCorp Vault with Keycloak for SSO.
vault auth enable oidc
vault write auth/oidc/config \
oidc_discovery_url="https://sso.devopstales.intra/auth/realms/mydomain" \
oidc_client_id="web" \
oidc_client_secret="07d66ebd-1018-46c6-9c88-80aa3d4c2f68" \
default_role="reader"
vault write auth/oidc/role/reader \
bound_audiences="web" \
allowed_redirect_uris="http://192.168.0.112:8200/ui/vault/auth/oidc/oidc/callback" \
allowed_redirect_uris="http://192.168.0.112:8250/oidc/callback" \
user_claim="sub" \
policies="reader"
nano reader.hcl
# Read permission on the k/v secrets
path "/secret/*" {
capabilities = ["read", "list"]
}
nano manager.hcl
# Manage k/v secrets
path "/secret/*" {
capabilities = ["create", "read", "update", "delete", "list"]
}
vault policy write reader reader.hcl
vault policy write manager manager.hcl
vault policy list
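Before applying the commands above it helps to lint the values they submit. The following is an added example (not from the post, nor Vault's own code) that checks the config and role the way Vault's HTTP API receives them: the repeated allowed_redirect_uris keys on the CLI become one list, the UI callback should sit behind TLS, and the :8250 URI is the local listener that `vault login -method=oidc` starts on localhost. The hostname vault.devopstales.intra and the function name lint_oidc are this example's own assumptions.

```python
from urllib.parse import urlparse

# Constructed from the commands in the post (Vault's CLI collects the
# repeated allowed_redirect_uris keys into a list); secret is a placeholder.
OIDC_CONFIG = {
    "oidc_discovery_url": "https://sso.devopstales.intra/auth/realms/mydomain",
    "oidc_client_id": "web",
    "oidc_client_secret": "<client-secret-placeholder>",
    "default_role": "reader",
}
READER_ROLE = {
    "bound_audiences": ["web"],
    "allowed_redirect_uris": [
        "http://192.168.0.112:8200/ui/vault/auth/oidc/oidc/callback",
        "http://192.168.0.112:8250/oidc/callback",
    ],
    "user_claim": "sub",
    "policies": ["reader"],
}
# Same role with the UI callback on TLS and the CLI callback on loopback
# (vault.devopstales.intra is an assumed hostname).
HARDENED_ROLE = dict(READER_ROLE, allowed_redirect_uris=[
    "https://vault.devopstales.intra:8200/ui/vault/auth/oidc/oidc/callback",
    "http://localhost:8250/oidc/callback",
])

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def lint_oidc(config, role):
    """Return a list of findings; an empty list means the settings pass."""
    findings = []
    if urlparse(config["oidc_discovery_url"]).scheme != "https":
        findings.append("discovery URL is not https")
    # When bound_audiences is set, Vault rejects tokens whose aud claim is
    # not in it, so the Keycloak client id belongs in that list.
    if config["oidc_client_id"] not in role["bound_audiences"]:
        findings.append("bound_audiences does not include the client id")
    for uri in role["allowed_redirect_uris"]:
        u = urlparse(uri)
        # The authorization code travels in this redirect; only the local
        # CLI listener (vault login -method=oidc) should use plain http.
        if u.scheme != "https" and u.hostname not in LOOPBACK:
            findings.append(f"plain-http redirect URI: {uri}")
        if "*" in uri:
            findings.append(f"wildcard in redirect URI: {uri}")
    if not role.get("policies"):
        findings.append("role attaches no policies")
    return findings
```

Run `lint_oidc(OIDC_CONFIG, READER_ROLE)` to see the two plain-http findings for the post's role, and the same call with HARDENED_ROLE returns an empty list.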