Presentation

Managing Keycloak client secrets with Vault

A common practice to secure services is to use OAuth2. Keycloak is an open source implementation of the OAuth authorization server and a widely adopted technology across the IT industry. A delicate but important part of the OAuth setup is the distribution of sensitive client secrets to backend applications. In this talk I'll show how we use our Vault Keycloak plugin to distribute client secrets directly to an application running in Nomad. You will learn how to avoid manually provisioning Keycloak client secrets in your application deployment, thereby mitigating the risk of exposing sensitive data.

