Serviceware / vault-plugin-secrets-keycloak

Mozilla Public License 2.0
12 stars, 3 forks

Readme suggestion - Keycloak required service account role #3

Open timk153 opened 7 months ago

timk153 commented 7 months ago

Very useful plugin! thank you.

TL;DR: Mention in the documentation that the Keycloak client providing the client ID and secret for the plugin to operate must have the realm-management `view-clients` service account role assigned.


Having followed through the readme in detail, I was getting back "could not retrieve client secret" when attempting to read client secrets. Nothing was being written out in Vault's logs.

I dug through the code base, found the Keycloak Go client and issued the commands manually using Postman to authenticate and query Keycloak. I discovered 403 responses, which led me to the service account roles (ought to have been obvious in hindsight!).

Either way, if it appeared in the readme it would have saved me some time.
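The manual check described above (client-credentials token, then the admin API calls the plugin's Keycloak client makes), written out as an added Go example; this is not code from the plugin or from the issue author. It talks to a constructed stand-in for Keycloak that enforces the `view-clients` role the same way the real admin API does, so the missing-role case surfaces as a 403 rather than an opaque "could not retrieve client secret". The realm `demo`, the client IDs `vault` and `payments-api`, the UUID and the secret value are all made up, and the endpoint paths assume a Keycloak without the legacy `/auth` prefix.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// ErrForbidden: Keycloak accepted the client credentials, but the client's service
// account lacks the realm-management "view-clients" role needed to read other clients.
var ErrForbidden = errors.New("403 from Keycloak admin API: assign realm-management/view-clients to the service account")

// doJSON issues a bearer-authenticated GET and decodes the JSON body into out,
// mapping 403 to ErrForbidden so callers can distinguish it from other failures.
func doJSON(c *http.Client, token, u string, out interface{}) error {
	req, err := http.NewRequest(http.MethodGet, u, nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := c.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode == http.StatusForbidden {
		return ErrForbidden
	}
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("unexpected status %d from %s", resp.StatusCode, u)
	}
	return json.NewDecoder(resp.Body).Decode(out)
}

// fetchClientSecret performs the three calls an admin client needs: get a token with
// client_credentials, resolve clientId to Keycloak's internal UUID, then read the secret.
func fetchClientSecret(base, realm, clientID, clientSecret, targetClientID string) (string, error) {
	c := &http.Client{}
	form := url.Values{"grant_type": {"client_credentials"}, "client_id": {clientID}, "client_secret": {clientSecret}}
	resp, err := c.PostForm(base+"/realms/"+realm+"/protocol/openid-connect/token", form)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("token request failed with status %d", resp.StatusCode)
	}
	var tok struct {
		AccessToken string `json:"access_token"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil {
		return "", err
	}
	admin := base + "/admin/realms/" + realm
	var clients []struct {
		ID string `json:"id"`
	}
	if err := doJSON(c, tok.AccessToken, admin+"/clients?clientId="+url.QueryEscape(targetClientID), &clients); err != nil {
		return "", err
	}
	if len(clients) == 0 {
		return "", fmt.Errorf("client %q not found in realm %q", targetClientID, realm)
	}
	var cred struct {
		Value string `json:"value"`
	}
	if err := doJSON(c, tok.AccessToken, admin+"/clients/"+clients[0].ID+"/client-secret", &cred); err != nil {
		return "", err
	}
	return cred.Value, nil
}

// newFakeKeycloak is a constructed stand-in for Keycloak (realm "demo"): it issues a token to any
// known client and requires the view-clients role on the admin endpoints, returning 403 otherwise.
func newFakeKeycloak(roles map[string][]string) *httptest.Server {
	const uuid = "0f3c2a0e-1111-2222-3333-444455556666" // made-up internal id of payments-api
	authorized := func(r *http.Request) bool {
		id := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer tok-")
		for _, role := range roles[id] {
			if role == "view-clients" {
				return true
			}
		}
		return false
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/realms/demo/protocol/openid-connect/token", func(w http.ResponseWriter, r *http.Request) {
		json.NewEncoder(w).Encode(map[string]string{"access_token": "tok-" + r.FormValue("client_id")})
	})
	mux.HandleFunc("/admin/realms/demo/clients", func(w http.ResponseWriter, r *http.Request) {
		if !authorized(r) {
			http.Error(w, `{"error":"HTTP 403 Forbidden"}`, http.StatusForbidden)
			return
		}
		fmt.Fprintf(w, `[{"id":%q,"clientId":"payments-api"}]`, uuid)
	})
	mux.HandleFunc("/admin/realms/demo/clients/"+uuid+"/client-secret", func(w http.ResponseWriter, r *http.Request) {
		if !authorized(r) {
			http.Error(w, `{"error":"HTTP 403 Forbidden"}`, http.StatusForbidden)
			return
		}
		fmt.Fprint(w, `{"type":"secret","value":"s3cr3t-for-payments-api"}`)
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := newFakeKeycloak(map[string][]string{"vault": {}}) // role not assigned
	defer srv.Close()
	_, err := fetchClientSecret(srv.URL, "demo", "vault", "vault-secret", "payments-api")
	fmt.Println(err) // the 403 is surfaced as ErrForbidden instead of a generic failure
}
```

Run it against a real instance by pointing `base` at your Keycloak URL; a 403 from either admin endpoint (not a 401 from the token endpoint) is the signature of a client whose service account has no `view-clients` role, which is exactly what assigning the realm-management role fixes.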

mxab commented 7 months ago

Hi, thank you for your feedback. I also just realised that this is kind of missing from the docs.

I think I assumed that everyone is using the Terraform module, which is mentioned in the Create Client section.

But it makes more sense to state it explicitly, and the link to the actual module is broken, I just noticed 😅