The 'KeycloakUser' CRD from the RH SSO Operator lacks additional security when defining a password

Solution In Progress

Issue

The KeycloakUser CRD seems to only accept a plain-text password in the spec.credentials section:

apiVersion: keycloak.org/v1alpha1
kind: KeycloakUser
metadata:
  name: example-user
spec:
  realmSelector:
    matchLabels:
      app: sso
  user:
    username: "realm_user"
    email: "user@example.com"
    enabled: true
    credentials:
      -  type: password
         value: <PLAIN TEXT PASSWORD>

In terms of security, this is not acceptable for us.
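
An audit check for the condition described above, added here as an example and not part of the original article or the operator's code: it reads KeycloakUser objects as JSON (for instance the output of `oc get keycloakusers --all-namespaces -o json`) and reports which ones carry an inline password, without printing the value. The field layout is taken from the manifest above; the sample objects and the function name are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of a JSON object list; not real cluster data.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"apiVersion": "keycloak.org/v1alpha1", "kind": "KeycloakUser",
         "metadata": {"name": "example-user", "namespace": "sso"},
         "spec": {"user": {"username": "realm_user", "enabled": True,
                           "credentials": [{"type": "password",
                                            "value": "constructed-secret"}]}}},
        {"apiVersion": "keycloak.org/v1alpha1", "kind": "KeycloakUser",
         "metadata": {"name": "no-password", "namespace": "sso"},
         "spec": {"user": {"username": "other_user", "enabled": True}}},
        {"apiVersion": "v1", "kind": "ConfigMap",
         "metadata": {"name": "unrelated", "namespace": "sso"}, "data": {}},
    ],
})


def find_inline_passwords(doc_json):
    """Return (namespace, name, username) for each KeycloakUser with an inline password."""
    doc = json.loads(doc_json)
    # Accept a List wrapper, a single object, or a bare JSON array.
    items = doc.get("items", [doc]) if isinstance(doc, dict) else doc
    findings = []
    for item in items:
        if item.get("kind") != "KeycloakUser":
            continue
        if not str(item.get("apiVersion", "")).startswith("keycloak.org/"):
            continue
        user = (item.get("spec") or {}).get("user") or {}
        for cred in user.get("credentials") or []:
            if cred.get("type") == "password" and cred.get("value"):
                meta = item.get("metadata") or {}
                # Report the location only; never echo the password itself.
                findings.append((meta.get("namespace", ""), meta.get("name", ""),
                                 user.get("username", "")))
                break
    return findings


if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    hits = find_inline_passwords(data)
    for ns, name, username in hits:
        print(f"{ns}/{name}: inline password set for user {username!r}")
    sys.exit(1 if hits else 0)
```

Run against piped JSON, the script exits non-zero when any finding exists, so it can gate a pipeline or a periodic cluster audit.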

Environment

  • Red Hat Single Sign-On (RH SSO)
    • 7.X
  • Red Hat OpenShift Container Platform (OCP)
    • 4.X
