From ad5b94929e9380b9ff3ddbda9f604557bfd0c3db Mon Sep 17 00:00:00 2001
From: "ryan-distrust.co"
Date: Mon, 15 May 2023 00:06:43 -0400
Subject: [PATCH] k/keycloak: initial commit
---
kustomizations/keycloak/ingress.yaml | 24 ++++++
.../keycloak/keycloak-config.enc.yaml | 78 +++++++++++++++++
kustomizations/keycloak/kustomization.yaml | 18 ++++
kustomizations/keycloak/namespace.yaml | 4 +
.../keycloak/postgres-auth.enc.yaml | 83 +++++++++++++++++++
.../keycloak/postgres-auth.patch.yaml | 43 ++++++++++
kustomizations/keycloak/resources.yaml | 53 ++++++++++++
.../scripts/generate-keycloak-secret.sh | 22 +++++
kustomizations/keycloak/secret-generator.yaml | 7 ++
9 files changed, 332 insertions(+)
create mode 100644 kustomizations/keycloak/ingress.yaml
create mode 100644 kustomizations/keycloak/keycloak-config.enc.yaml
create mode 100644 kustomizations/keycloak/kustomization.yaml
create mode 100644 kustomizations/keycloak/namespace.yaml
create mode 100644 kustomizations/keycloak/postgres-auth.enc.yaml
create mode 100644 kustomizations/keycloak/postgres-auth.patch.yaml
create mode 100644 kustomizations/keycloak/resources.yaml
create mode 100755 kustomizations/keycloak/scripts/generate-keycloak-secret.sh
create mode 100644 kustomizations/keycloak/secret-generator.yaml
diff --git a/kustomizations/keycloak/ingress.yaml b/kustomizations/keycloak/ingress.yaml
new file mode 100644
index 0000000..a26d135
--- /dev/null
+++ b/kustomizations/keycloak/ingress.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: keycloak
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ external-dns.alpha.kubernetes.io/hostname: keycloak.distrust.co
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: keycloak.distrust.co
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: keycloak
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - keycloak.distrust.co
+ secretName: website-tls
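Review bot: The single `path: /` rule with `pathType: Prefix` publishes every Keycloak route on keycloak.distrust.co, including the admin console under `/admin` and, since resources.yaml sets `KC_HEALTH_ENABLED`, the `/health` endpoints that in this Keycloak version appear to be served on the same port 8080. Keycloak's reverse-proxy guidance is to expose only the paths end users need and keep `/admin`, `/health` and `/metrics` internal; if administrators must reach the console from outside the cluster, a separate Ingress with source restrictions is the safer shape. A short comment above `paths:` stating which routes are intentionally public would make later edits easier to review. Separately, `secretName: website-tls` reads like a name carried over from another site; something like `keycloak-tls` would make clear which certificate cert-manager issues here.

```yaml
  rules:
  - host: keycloak.distrust.co
    http:
      paths:
      # Only the routes end users need; /admin, /health and /metrics stay internal.
      - path: /realms/
        pathType: Prefix
        backend:
          service:
            name: keycloak
            port:
              number: 80
      - path: /resources/
        pathType: Prefix
        backend:
          service:
            name: keycloak
            port:
              number: 80
      # repeat the same entry for /js/ and /robots.txt if clients need them
  # … unchanged: tls section …
```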
diff --git a/kustomizations/keycloak/keycloak-config.enc.yaml b/kustomizations/keycloak/keycloak-config.enc.yaml
new file mode 100644
index 0000000..00a1929
--- /dev/null
+++ b/kustomizations/keycloak/keycloak-config.enc.yaml
@@ -0,0 +1,78 @@ +apiVersion: v1 +kind: Secret +metadata: + name: keycloak-config +stringData: + admin: ENC[AES256_GCM,data:MRhVmq8=,iv:IMmqxQsXUcPg7Nwq6b1AXEipB4Ks05lEPrEh4nmTHxQ=,tag:K+dM779PcYEtCl/l3fquZQ==,type:str] + admin_password: ENC[AES256_GCM,data:wzTxmvr83LTWSLCdtoprqHMRuBxKkK0C2dmFCcF9lpI=,iv:frlyzI4trbJRHpgzRWUffOgnMFNfaO/XAlrxKdcLATg=,tag:Lv8zMWDqyppClmstGB2BPw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-05-15T03:10:17Z" + mac: ENC[AES256_GCM,data:UnjytZ+qoP9jsD+6XWo6f7Zrr2NGf4ZXa6bX4rqMoPu5VGbAewbKjeg2LQPLdB5t0V7cC0Zl0sfg58hLWZcG8igclSmfARkDBKeyCp836hkkUsoELule1jwUzlopNRFeh5W5P1sIpDt54QWulm7+stDAbT7tR586mIrzNOUj/M0=,iv:1vcNRq7pfVoRjPOxZvVKql5htdhAvueG1n2Qbx37mIg=,tag:vfuo+GbGz2p7MYib/uvxDQ==,type:str] + pgp: + - created_at: "2023-05-15T03:10:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA82rPM2mSf/aARAArGyOdTV+QuqLX0HSdo13zZJfEqzz6arQ9nUVP9vSPF+C + i96V90KmzC1t/C1RFFzinKQ6gnIgC+yDZAs1HnvBpStaItz9oMLrldqDVMaEpK43 + u2HIpHsLvo/B2QN/0g63XSI7a1+MsDHZHWWbat+pDehLRWy9BgSd5/cZSiBIe0AG + NhwzeEIoEinecFW3NWUy9PZA0yEn/Gl6gdaNYLBDFdbAox8enwr3M5kmMolWmOgI + jYLyVQhU8tix/dRCXx+vzIrus7rIvoRqlL7ji9nA1wsFto/6OMkxfylIZzATK3JU + wQ55iZriD8WQOn/GTpDcomLuavu9/pNP+o2rszkws714CROPUa/vn963BZmxrNQ3 + W0ztTvOpJ+1dlR1ZxgPCBtUnv6jv6MCBC3DTtYtOCN7+CuRvlU5jSQUoiUyF12O6 + GLY+GiVWKE+d+EbF9rf3s/E9un4hop6izYjSP2R3lJPJvPX/KyFe0v6V2HfwNBaH + t5NEui8R2/9icmy1nTTzXN2YMQ59buPgSJJ7ZAdm1Vf21kddZFAijOhAGU8pL08Y + cH2lbD2Lx7/avszaG66Y+YkNnKWY1Ql/bv7qoBLWtC+49YiThxi5GiBfLTGGHXEu + GevgmC96YumLZpdmME1y5Zn62MrVHO0zTXxEnTb4txkXHDX2SUB/QvRfuFdxySvS + UQEU5w08lky/SvZ2pj/1EcTaJUv7pYOKs2yxjvD07IUFuWzwJTjqd4uxwWTaqdXl + Y4I9oSUTaoM/Qjr/yf8CpJSg+mjTSbXRBlJAXRlomPuMKQ== + =oFCJ + -----END PGP MESSAGE----- + fp: 6B61ECD76088748C70590D55E90A401336C8AAA9 + - created_at: "2023-05-15T03:10:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAw95Vf08z8oUAQ/9G8zOlijaI9Y3lXZLwrGw/PPgCFPSi0bXSDALI+HfB7ig + 
4F2tHmnUz3BVYzEwkNgs4Kc3CqI1IJ1MrU5jCCqR9+fpAmkPrKr+oRcYrmb5PGK1 + 81vYQ0H+dTThieNnI6bL4CCFEjwbyJTgPmiYrSO9G0BYyjiFlatqEe5ZI3nVk2w7 + Y3r5EZhFcVlTjsVuphXmf6KYzAoFq6EJn+nAJC18kqmdYBsK2iu1123kHR+lOWCK + ASiTkPezk/5KxNKb0rnQQexqpGEqBzxBCEw5kycrGgIxUdy31+749BolB5lstsFC + q6kdeshFBFzaNktH/lRKYrsee/qgGOHyheMC7HJwrLmsCvsESi1v3b6EJmNWApIg + ewxD7aj9oUKQg4m4Apc5Fw2icnwRefIF48TFGefL3syyNniWlnkTkRfYMIaEO6gy + a5IYg4utghkTx8uF+XQjV1njOEMsOekCiKWRhvacJsJ6ziWMXrJ8+R+NriIoJGV1 + svekoRuHTaK1NOH8Yb8Ftflqzf/MFRJT+xVWw+8S1cTXMq3nuYw6HgF2HFoA8STU + exD8Wd57BnUyx04IMqtwDwCDgzuwNJj+CU8OfkuGytgN/qOTb8XqVKkI2oIpqCqo + TtVSS/9W2vV5JqXQwSk1WU0Sxo8u7s89GC0uZqfCrD1c430M2UiWTIj16XFIqjDS + UQHon6AwuwAz0HAD9H3uPspXV2h2v9XanAXf+b8wI63X68bPovbr7TkIsHWLFpzq + 4Y11aben+nwqQkpN4ei5DNZ5LQsedwJ50Z7wuYkOxMthHg== + =8E34 + -----END PGP MESSAGE----- + fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72 + - created_at: "2023-05-15T03:10:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA0/D4ws+/KPtAQ/+LJiQrH4ODbXOXKXiiZD6qhya3KrfXIRG0Jn2Q17eN7Dw + txhKYfdQn3czsqfHEB082abKZ5P8rm8jSH85H8i6SACqsVic4zK72Uwqsd6c/c7J + dewAsvx4LuKdHh8RqxGOloE6Orvn3CYQT1K7d3asMEHyxYFkQLFFrtbUKVtx+BIw + RHTGmxU+ej3wmWpIEpXXqGbYbLzQA4j5jYe4jjUPW218bxJ+4nF4sNEwnYWEeYlZ + vol7gq2vPaqq8KrnDJhrc0GpbIQgsWnUg4LtExrWPLrhY+H+41tQ3GvpwZMncIJr + 4klNbeFjsNXh+1hP48IDwqgpUIWkBpSnhogt830Umciej/xIzvfyJnSxkzqYB60j + ZKUUky2iaSpR1IVNVu1Y3+ym+mQEYEypL9tX2sKkUZHOXKC0Iz2WpwcnEk/4WaI7 + KYk+IgNj2iwwCNHeVO2BMDcb91LA7FRt3EnT6XPH1mWawgRF3UM/wbzbYDUTJYKQ + FT7Yu+sJOjEWnv0goCwK6+CR3Yox22QnJ+Xi/rZT/B3LYixyKd0RD+f7zP3P9UGe + +fWsJUpFzftWaKto8eyz+mTYBaFYqwgqfqudjCOmW6DhUBr5VWfzW73xFE16047f + CZTgqAeNo7Npzm0BQTlODDk96j4zYa35Fho+GIscpji/phSQ+c3N7lc5RMxTRszS + UQGJYjTdH7N+dXYixN0DF7o26vC8GhJmOtZsNLexYFgGChPgCc1q+wX9td0zevwh + FD1pL4sxVsKPXfNKSF6UqZdEKglR2ihv6qywEQ5IT8sirw== + =o9zp + -----END PGP MESSAGE----- + fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA + encrypted_regex: ^(data|stringData)$ + version: 3.7.3 
diff --git a/kustomizations/keycloak/kustomization.yaml b/kustomizations/keycloak/kustomization.yaml
new file mode 100644
index 0000000..c3d7262
--- /dev/null
+++ b/kustomizations/keycloak/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: keycloak
+resources:
+- namespace.yaml
+- resources.yaml
+- ingress.yaml
+generators:
+- secret-generator.yaml
+configMapGenerator:
+- name: keycloak-config
+ literals:
+ - KC_HOSTNAME_URL=https://keycloak.distrust.co
+patches:
+- path: postgres-auth.patch.yaml
+ target:
+ kind: Deployment
+ name: keycloak
diff --git a/kustomizations/keycloak/namespace.yaml b/kustomizations/keycloak/namespace.yaml
new file mode 100644
index 0000000..385e10a
--- /dev/null
+++ b/kustomizations/keycloak/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: Keycloak
diff --git a/kustomizations/keycloak/postgres-auth.enc.yaml b/kustomizations/keycloak/postgres-auth.enc.yaml
new file mode 100644
index 0000000..1612fe1
--- /dev/null
+++ b/kustomizations/keycloak/postgres-auth.enc.yaml
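Review bot: The ConfigMap produced by `configMapGenerator` in kustomization.yaml is named `keycloak-config`, the same name as the Secret defined in keycloak-config.enc.yaml, so postgres-auth.patch.yaml ends up with `secretKeyRef` and `configMapKeyRef` entries that differ only in kind. Kubernetes permits this, but it makes it easy to point an env entry at the wrong object when the list is edited later; a distinct ConfigMap name such as `keycloak-hostname` would avoid the ambiguity. A one-line comment above `generators:` naming the plugin that processes `secret-generator.yaml` and the build flags it needs would also help, since that file is not visible from this hunk.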
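Review bot: `name: Keycloak` in namespace.yaml is not a valid Namespace name, because Kubernetes requires namespace names to be lowercase RFC 1123 labels, and it disagrees with `namespace: keycloak` in kustomization.yaml. The build probably still succeeds because kustomize's namespace transformer rewrites the Namespace object's name, but applying this file on its own would be rejected by the API server. Change the line to `name: keycloak` so the manifest is correct without relying on the transformer.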
@@ -0,0 +1,83 @@ +apiVersion: v1 +kind: Secret +metadata: + name: database-configuration +stringData: + address: ENC[AES256_GCM,data:RS6hEXdX1KCHRiQRZKh8KquHLopYO+7HrEQd7xEzsQ19sFZ4FTGO5JSDv+sQSFajdI0LEOvRrYrhVlWEQ8+VZ9E=,iv:1ImaNPCJ4gRPZnKLyUDAaYC65hznkJTN0XcoHMht7Uc=,tag:7EE/6DFeoftrfEWL87dhvQ==,type:str] + dbname: ENC[AES256_GCM,data:96lDzmgCQ44=,iv:Tgqn2ExHcLA0InFyq0vaIJ7JSki6D5yLeOFnvMtbfkY=,tag:eLKfzhvGL1PX1gjqh1aMoA==,type:str] + host: ENC[AES256_GCM,data:xiesN1NpCAEW2dGHutysgqfvHgQalMeQoe+JBSlLp4/RSdsZLBijzmDt7puqd29sLK0wgcqsxQgVjo4=,iv:HaG3YQ/g9rRoqwtWUT7W/gC+sCnq4f0shoLw2NV1f4s=,tag:sexGZ2EDkIIqN1cHU4OvIw==,type:str] + jdbc_url: ENC[AES256_GCM,data:Qq67i6hnALTr5eUdWQ/ICczNkdvRIC96qP53AQMN10AJoBvQUIDgbMN/XWTRC1SZPucC2b2+5hbsEFntud3ryY4+ucFe+c0O/k4hCC0qYySsf7tqWfiezwYxw16BskCVr3WalEzBB13zih0D,iv:gT/i4R+ZN/kmZfbrphDFZxdBfSQXyQjV231SMGkN4pc=,tag:/KBMJaRbsJmr35ncWcQksw==,type:str] + name: ENC[AES256_GCM,data:8sjmGhI2rfU=,iv:lZVcv5ADwJL/fS7dneji7KhfyFpHJGavcKFO1VB6zuk=,tag:vDIhIgX0/tjElndzUIaVyA==,type:str] + password: ENC[AES256_GCM,data:QZhQHjfakGBEcsxXC6OxAN1pl4z6DIrJ,iv:0mlgs/ihf5YKeEzn9lp6keNzKe4gMT+TTpquTLc7Lq8=,tag:3unmkIvaFQcfdDQZvcPiug==,type:str] + port: ENC[AES256_GCM,data:hR/vQxc=,iv:g9IODLw/3SjVXHR/+XEmYXm8sZbqJsTc13NJ3tE8FKs=,tag:JMvOoQa1dN9l5aEa79OeZA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-05-15T04:04:00Z" + mac: ENC[AES256_GCM,data:a7zP7tV+w4gdWh5Z8TCqs6T9cF4GZGny07gDsry5LdRHCSvMePjDmhTl3oPUT6IdxEQX0oMR7QsWGkuopSIiJ5FcY4Hbzp88ivSHCddaZCbSza9MeiQDU2XXCC1zaBFWFA75VF0Gkd/y4jwDHOpE+a9DERVJwgUuZMf1NaWVCOc=,iv:KDVtlwtnvX7HmA4T4x3sF9cicZzJGKuBHSBEom1tues=,tag:w3jfLi1poBTWFVkETPkt6Q==,type:str] + pgp: + - created_at: "2023-05-15T04:03:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA82rPM2mSf/aARAAm2r/Vj8f2eHl2waxwn+GYEPyq8CYlJjCenIP0K/6UPyg + /+rcWcqm1Ip6CxgPm5MrZA/8b2+hep/H7IsSIG1EHyLfuKEROMMUFFh8jt6ZzRJX + W3UzLqRiYsZz98pd7UBgPs4q0vXCuUHIy2pjsXWy5SNIs5lPxfqW7Voh2K/XKGKd + 
Op8p+GeSsieVKoTnPqldHF6cBuUmxcLy8G5fqf5oG6bYwoW05e21aLBb0N4KCSRY + SJHnd03KOoqEGmdBw8sL8ob2Kj+AfUa2lqF5uKH8GrwP3fbXCXLbiukeyTbGOCkR + DdUp5h5Ik80nhkDJ4Te3Vq52U+p8AWO2sUJvgs4pmDdDW5ZOwRs1MiGs4Q4TIO32 + cBq8mGtL57yyTCtSw0FJE3rjFEAdUMmldNOqkkwPsybDpTzfYWjRkFQBestC4cvM + 0qtxHNk1EZLYgiw8tlZNhxz/Q7LQFjaOffU3r7IFjJxoWrpUlzrxEX0Ech79XzRl + mnXSvaYyboI/CZGuxqMN+fdxiY4BctT3c+PN7yDE+UNpUFI410637QTCpgKTwls5 + 5Gy0pBMDDf5WtGNq1ZkYajhqPe0VfOb72HzqWbrq3k5xVj7t9eXQHIgb04MnRQNF + Y9zT5yaK6pUQ4vN1PiCEycKZWMwJbvU7IfDIyCintCcEReCXRyjyG4A4t5PPAtDS + UQEiTfYS2piR7+fwqHAH/rehhmAO3Bi4HUJsY8ynhTD94pZhA+zPgLgMRlcGQNx/ + G6a7kA6+8t79HekNHvnvpjDe/JpXSBvTEX/Dpq8e7ry3HA== + =ukHh + -----END PGP MESSAGE----- + fp: 6B61ECD76088748C70590D55E90A401336C8AAA9 + - created_at: "2023-05-15T04:03:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAw95Vf08z8oUARAAz+6T9zi2NzeoUAJjCCntvgiBeXvNr8bF+NycE0bxWbmA + DRkEQAC1N6mj2XJSSVrBkXro+L3yKrtvxDIWj09BefushoX+5J+xJAjTb8viSGzV + V6TLVnHI8slPMKxohog23qFXTKj8iHFJTLkqtpDhA6xfOc2l0GfUobD4sz5MLKqv + tMHlb4xhB4BM6VDfsJc2R1H1WxS2sLm9RI+eXZE4DypwAYwy1T+b5AIITuzXY0Vf + c8HHCt/Rk06yg+lQ6KiHjEBT8xZTmrcPARzXBx0TmHLXK9ICmXpsfbsMQYxudyGo + Aqmnxq7V1hKvjg5y/94+H4BBslcA77C1fRzLCMFtDZAN9zdZ2HFAxttr+O+Nf/zK + m5DAO7P+O41DQOgBKh67xoqH2dY1Srim0R4Tt0x5FZHW1mNKDv63MBPBWVMW7CvA + RZJ6KKSlhc92sG/NaJyYC5oLhjAdv9JmC+/yArNLhXzvzOwnDWVSKN+N8I+D67bl + qJQWAQD1PPJjJzY6+MTfjl0Xq5BuwcAEIv9E25NDpPw2Bkb9HmPk8/ufFKc/l4iV + Bsh8mJz2nIM9M8NxZWZ2D7n1NpHvl6nUN6khkXqLcMtyZhcCsNiJLRSW/5Du3zxV + CT3Y/fGG3XmSdyg1pylFPImtvsPMQFQhZGY7LHkUUnScQJD2eRQi2KYvHkET8FHS + UQGZFsF3U5xWYQdiQ2ih0q4muK9z0+HkP+hVr528nXSWdQWM5RgIER1LlR/bEsRa + 0eAq9SZcQcvRMJqBpE8edQ1z1YsoX7nmTv/ERE5MQvc5eg== + =tGMv + -----END PGP MESSAGE----- + fp: 88823A75ECAA786B0FF38B148E401478A3FBEF72 + - created_at: "2023-05-15T04:03:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA0/D4ws+/KPtAQ//V19wzb2oNiTG7tsO2BzpcgFiY4TO5l3Xnc5meQE6kgGh + CCktTlqToK5GrgpHbxogIElwsCyqmsKvHf7Y0smMdQV+dymHrjhm8/BMIsHw6oy0 + 
+ SGSNLaLgJQxxYwRXMufVCsBEIg8iFJSWGUydNd2KPhQZjQo+hR6ki8ijLUASkdeQ + IUtFz0nxvtnKz3PUCzE0yCArxIP6joWTxwMp8uQB1kj86lfpQWFKX2JlOqurydo7 + QDPXHYTMgzRuAHnuDoEeQREbagC97VhdvCcH1PjCwgef2AcU8o/mhddNiEdLpmeX + YPqgY2CBBzbICdL00KhVUu2dcw5+aIG/q0R70+R7eX+783cj3QwjHUcEyGdEDTo/ + AUclqSpePP3okpVyQAWNtrYrC3uMx6/bUgSLVeFwpmVmkHyX3mhPnC9fHcE/pnnN + +jSjRawHDP+GnnfHEwppHl1F16+cjJzBbO8KZe7WTWzRzfYCcqv0REQ9SmKhaouE + C+wiBFewtyaKKBr9eEdOUPg07YAqU+9FWPyyPDv5dqdljvLH0N4JaWH2S/83WNbb + y/atJiRcOP5dhHbPZ1PbG5sLkPBmyHiFy3E8AZLcWEwkXlXttFvdKYcULaDh3O/x + vXsDWO1S6ezQ0Z4TZqLfATSzvqzSuSazRVCXsG0b6MK2nvorT5xFsANhhRGYi0bS + UQEmqP6gs7PzX3FLuAnLMTbIts3NdkHjGJIYIGb82AiO4eoSUp0h13vrJchEr2XR + NIszME07Iy+yE8eeX7yMIlbDZRaZ1t4nDQU/UT7xmCHYVQ== + =bXHz + -----END PGP MESSAGE----- + fp: 3D7C8D39E8C4DF771583D3F0A8A091FD346001CA + encrypted_regex: ^(data|stringData)$ + version: 3.7.3
diff --git a/kustomizations/keycloak/postgres-auth.patch.yaml b/kustomizations/keycloak/postgres-auth.patch.yaml
new file mode 100644
index 0000000..3e8cc90
--- /dev/null
+++ b/kustomizations/keycloak/postgres-auth.patch.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+spec:
+ template:
+ spec:
+ containers:
+ - name: keycloak
+ args:
+ - start
+ - --db=postgres
+ env:
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-config
+ key: admin
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: keycloak-config
+ key: admin_password
+ - name: KC_DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: database-configuration
+ key: name
+ - name: KC_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: database-configuration
+ key: password
+ - name: KC_DB_URL
+ valueFrom:
+ secretKeyRef:
+ name: database-configuration
+ key: jdbc_url
+ - name: KC_HOSTNAME_URL
+ valueFrom:
+ configMapKeyRef:
+ name: keycloak-config
+ key: KC_HOSTNAME_URL
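Review bot: `KEYCLOAK_ADMIN` and `KEYCLOAK_ADMIN_PASSWORD` are wired into the Deployment permanently, so the bootstrap admin credential stays in the pod environment for the life of the workload even though Keycloak needs it only to create the initial admin user. Mark the two entries as temporary with a comment such as `# bootstrap only: remove once a named admin account with MFA exists, then rotate keycloak-config`, and plan the follow-up commit that drops them. Separately, `KC_DB_URL` comes from the encrypted `jdbc_url` key, so this hunk cannot show whether the connection to Postgres enforces TLS; it is worth confirming the URL carries `sslmode=verify-full` or an equivalent setting.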
diff --git a/kustomizations/keycloak/resources.yaml b/kustomizations/keycloak/resources.yaml
new file mode 100644
index 0000000..1f9a8e4
--- /dev/null
+++ b/kustomizations/keycloak/resources.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+spec:
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ selector:
+ app: keycloak
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+ image: quay.io/keycloak/keycloak:21.1.1
+ args: ["start"]
+ env:
+ - name: KC_PROXY
+ value: "edge"
+ - name: KC_HEALTH_ENABLED
+ value: "true"
+ ports:
+ - name: http
+ containerPort: 8080
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ initialDelaySeconds: 60
+ livenessProbe:
+ httpGet:
+ path: /health/live
+ port: 8080
+ initialDelaySeconds: 60
diff --git a/kustomizations/keycloak/scripts/generate-keycloak-secret.sh b/kustomizations/keycloak/scripts/generate-keycloak-secret.sh
new file mode 100755
index 0000000..5e40a5f
--- /dev/null
+++ b/kustomizations/keycloak/scripts/generate-keycloak-secret.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+if test -t 1; then
+ # This is not foolproof. Can easily be beat by doing |cat. This is just to
+ # make it less likely that secrets are output to terminal.
+ echo "Error: Not outputting secret to stdout; redirect output to a file or" \
+ "pipe output to \`sops\`." >/dev/stderr
+ exit 1
+fi
+
+KC_ADMIN=admin
+KC_ADMIN_PASSWORD="$(pwgen 32 1)"
+
+cat <
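Review bot: The keycloak container in resources.yaml has no `securityContext`, and its image is referenced by the mutable tag `21.1.1` rather than a digest, so the cluster's identity provider runs with the runtime's default privileges and with whatever the tag resolves to at pull time. Add a restrictive container-level `securityContext` and pin the image by digest (the digest in the fence below is a placeholder to be taken from the registry); this assumes the upstream image already runs as a non-root user, which should be confirmed. `KC_PROXY: edge` also means Keycloak trusts forwarded headers from anything that can reach port 8080, and no NetworkPolicy restricting that to the ingress controller is visible in this commit. The container declares no `resources` requests or limits either.

```yaml
      containers:
      - name: keycloak
        image: quay.io/keycloak/keycloak:21.1.1@sha256:<DIGEST_PLACEHOLDER>
        # … unchanged: args, env, ports, probes …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
```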