The 'KeycloakUser' CRD from the RH SSO Operator lacks additional security when defining a password
Issue
The KeycloakUser CRD seems to only accept a plain-text password in the spec.credentials section:
apiVersion: keycloak.org/v1alpha1
kind: KeycloakUser
metadata:
  name: example-user
spec:
  realmSelector:
    matchLabels:
      app: sso
  user:
    username: "realm_user"
    email: "user@example.com"
    enabled: true
    credentials:
      - type: password
        value: <PLAIN TEXT PASSWORD>
In terms of security, this is not acceptable for us.
Environment
- Red Hat Single Sign-On (RH SSO)
  - 7.X
- Red Hat OpenShift Container Platform (OCP)
  - 4.X