openshell-credentials-keycloak

OpenShell credentials driver that resolves credential placeholders to OAuth2 access tokens via Keycloak's client_credentials grant.

Runs as a sidecar container in the OpenShell gateway pod, communicating over a Unix domain socket.

Build

make build

Test

make test

Run

./openshell-credentials-keycloak \
  --socket /run/drivers/credentials.sock \
  --config /etc/openshell/credentials.yaml \
  --secrets-dir /etc/openshell/secrets

Configuration

credentials:
  github-api:
    client_id: team1-github
    client_secret_ref: team1-github-secret
    token_endpoint: https://keycloak.example.com/realms/openshell/protocol/openid-connect/token
    scopes: ["repo", "read:org"]

Client secrets are read from files in --secrets-dir. Each credential's client_secret_ref maps to a filename in that directory (standard Kubernetes Secret volume mount pattern).

Docker

docker build -f deploy/Dockerfile -t openshell-credentials-keycloak:latest .

License

Apache-2.0

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
cmd/driver		cmd/driver
deploy		deploy
gen/credentialsv1		gen/credentialsv1
internal		internal
proto		proto
testdata		testdata
.gitignore		.gitignore
LICENSE		LICENSE
Makefile		Makefile
README.md		README.md
buf.gen.yaml		buf.gen.yaml
buf.yaml		buf.yaml
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

openshell-credentials-keycloak

Build

Test

Run

Configuration

Docker

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

openshell-credentials-keycloak

Build

Test

Run

Configuration

Docker

License

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages