SSO for HashiCorp Vault

In this post I will show you how to configure HashiCorp Vault with Keycloak for SSO. Vault's OIDC auth method delegates the login to Keycloak and maps the identity it gets back to Vault policies, so the setup has three parts: the auth method configuration, a role, and the policies the role hands out.

Enable the OIDC auth method and point it at the Keycloak realm (the discovery URL is the realm's issuer; Vault appends /.well-known/openid-configuration to it):

vault auth enable oidc

# The client secret is passed on the command line here; in practice read it from an environment variable or a file so it does not end up in shell history.
vault write auth/oidc/config \
    oidc_discovery_url="https://sso.devopstales.intra/auth/realms/mydomain" \
    oidc_client_id="web" \
    oidc_client_secret="07d66ebd-1018-46c6-9c88-80aa3d4c2f68"

Create a role that accepts tokens issued for the "web" client. The redirect URIs must be listed explicitly: one for the CLI's local callback and one for the Vault UI (replace <vault-address> with the address of your Vault server). The role also has to name the policies it grants, otherwise a login only yields the default policy:

vault write auth/oidc/role/reader \
    bound_audiences="web" \
    allowed_redirect_uris="http://localhost:8250/oidc/callback" \
    allowed_redirect_uris="https://<vault-address>/ui/vault/auth/oidc/oidc/callback" \
    user_claim="sub" \
    token_policies="reader"
Next, write the two policies. Vault policy paths are given without a leading slash, and each path block must be closed. These assume a KV v1 engine mounted at secret/; for KV v2 the data lives under secret/data/* and listing requires secret/metadata/*.

nano reader.hcl
# Read permission on the k/v secrets
path "secret/*" {
    capabilities = ["read", "list"]
}

nano manager.hcl
# Manage k/v secrets
path "secret/*" {
    capabilities = ["create", "read", "update", "delete", "list"]
}

Register them with Vault and confirm they were stored:
vault policy write reader reader.hcl
vault policy write manager manager.hcl

vault policy list
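The whole procedure above, as an added example that is not part of the original post: a POSIX shell script with a dry-run mode that renders the two policies, checks that every path block is closed, and issues the vault commands with the client secret taken from the environment instead of the command line. The Keycloak realm URL and the client id "web" come from the post; the Vault address (vault.devopstales.intra), the redirect URIs, default_role, token_policies and token_ttl are assumptions to adjust for your own setup.

```sh
#!/usr/bin/env sh
# Added example (not the original post's code): the Vault + Keycloak OIDC
# setup as a script with a dry-run mode. Only the Keycloak realm URL and the
# client id "web" come from the post; everything else is an assumption.
set -eu

VAULT_ADDR="${VAULT_ADDR:-https://vault.devopstales.intra}"   # assumption: your Vault URL
KEYCLOAK_ISSUER="${KEYCLOAK_ISSUER:-https://sso.devopstales.intra/auth/realms/mydomain}"
OIDC_CLIENT_ID="${OIDC_CLIENT_ID:-web}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the vault commands instead of running them

# Run a vault CLI command, or print it in dry-run mode with the client secret
# redacted so a dry run never leaks it into logs or terminal scrollback.
vault_cmd() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'vault'
        for a in "$@"; do
            case "$a" in
                oidc_client_secret=*) a='oidc_client_secret=<redacted>' ;;
            esac
            printf ' %s' "$a"
        done
        printf '\n'
    else
        vault "$@"
    fi
}

# Render a KV policy. $1 = mount path, $2 = space-separated capabilities.
# Emits the KV v1 path and the KV v2 data/metadata paths so the same policy
# file works whichever engine version is mounted at $1.
render_policy() {
    mount="$1"
    quoted=""
    for c in $2; do quoted="${quoted:+$quoted, }\"$c\""; done
    cat <<EOF
# KV v1 engine mounted at ${mount}/
path "${mount}/*" {
  capabilities = [${quoted}]
}
# KV v2 engine: data under ${mount}/data/, listing walks ${mount}/metadata/
path "${mount}/data/*" {
  capabilities = [${quoted}]
}
path "${mount}/metadata/*" {
  capabilities = [${quoted}]
}
EOF
}

# Sanity check before uploading: every 'path "..." {' block must be closed.
policy_braces_balanced() {
    opens=$(( $(tr -cd '{' < "$1" | wc -c) ))
    closes=$(( $(tr -cd '}' < "$1" | wc -c) ))
    [ "$opens" -gt 0 ] && [ "$opens" -eq "$closes" ]
}

# Write the reader and manager policies into directory $1 and upload them.
write_policies() {
    render_policy secret "read list" > "$1/reader.hcl"
    render_policy secret "create read update delete list" > "$1/manager.hcl"
    for p in reader manager; do
        policy_braces_balanced "$1/$p.hcl" || { echo "$p.hcl has unbalanced braces" >&2; return 1; }
        vault_cmd policy write "$p" "$1/$p.hcl"
    done
}

# Enable and configure the OIDC auth method. The client secret comes from the
# environment rather than being written into the script or shell history.
configure_vault() {
    [ -n "${OIDC_CLIENT_SECRET:-}" ] || { echo "OIDC_CLIENT_SECRET is not set" >&2; return 1; }
    vault_cmd auth enable oidc || echo "oidc auth method already enabled, continuing" >&2
    vault_cmd write auth/oidc/config \
        oidc_discovery_url="$KEYCLOAK_ISSUER" \
        oidc_client_id="$OIDC_CLIENT_ID" \
        oidc_client_secret="$OIDC_CLIENT_SECRET" \
        default_role=reader
    # Two callbacks: the CLI's local listener and the Vault UI.
    vault_cmd write auth/oidc/role/reader \
        bound_audiences="$OIDC_CLIENT_ID" \
        allowed_redirect_uris="http://localhost:8250/oidc/callback" \
        allowed_redirect_uris="$VAULT_ADDR/ui/vault/auth/oidc/oidc/callback" \
        user_claim=sub \
        token_policies=reader \
        token_ttl=1h
}

main() {
    write_policies "${POLICY_DIR:-$(mktemp -d)}"
    configure_vault
    vault_cmd policy list
}

# `./vault-oidc-setup.sh dry-run` prints the commands; `apply` runs them.
case "${1:-}" in
    dry-run) main ;;
    apply) DRY_RUN=0; main ;;
esac
```

Run it with `dry-run` first to review the commands (the secret is redacted in that output), then `OIDC_CLIENT_SECRET=... ./vault-oidc-setup.sh apply`. Afterwards `vault login -method=oidc role=reader` should open the Keycloak login page in a browser and return a token whose policies include reader; `vault token lookup` on that token shows the policies actually attached.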
