Identity-based SSH with Vault and Keycloak. | Part 1/3

Step-by-Step Guide for Configuring Vault + Keycloak OIDC

SSH Signed Certificate Authentication


git clone
cd vault-ssh && vagrant up
vagrant ssh vault

echo "$VAULT_TOKEN" | vault login -

Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.

Key                  Value
---                  -----
token                s.WzCfvOHa0Dz1W11NkOHkFYLV
token_accessor       qbWsjwwywUJU7Sw0CRoWHlSB
token_duration       ∞
token_renewable      false
token_policies       ["root"]
identity_policies    []
policies             ["root"]

vault policy write admin /vagrant/admin.hcl

Success! Uploaded policy: admin

vault auth enable oidc

export KC_DOMAIN=
export KC_CLIENT_ID=vault
export KC_CLIENT_SECRET=3ce2a23d-681e-4804-affe-a4214195a4d2
vault write auth/oidc/config \
    oidc_discovery_url="$KC_DOMAIN" \
    oidc_client_id="$KC_CLIENT_ID" \
    oidc_client_secret="$KC_CLIENT_SECRET"

export VAULT_UI=
export VAULT_CLI=
vault write auth/oidc/role/default \
    allowed_redirect_uris="${VAULT_UI}/ui/vault/auth/oidc/oidc/callback" \
    allowed_redirect_uris="${VAULT_CLI}/oidc/callback" \
    user_claim="email"
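
Reading the role back with `vault read -format=json auth/oidc/role/default` and checking it shows what a role carrying only redirect URIs and a user claim leaves open. The following is an added example, not part of the original post: the sample JSON is constructed with placeholder hostnames, and the function name and the choice of checks are this example's assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of `vault read -format=json auth/oidc/role/default`
# for a role that sets only redirect URIs and user_claim. Hostnames are placeholders.
SAMPLE_ROLE_JSON = """
{"data": {
  "role_type": "oidc",
  "user_claim": "email",
  "allowed_redirect_uris": [
    "http://vault.example.test:8200/ui/vault/auth/oidc/oidc/callback",
    "http://localhost:8250/oidc/callback"
  ],
  "bound_audiences": null,
  "bound_subject": "",
  "bound_claims": null,
  "token_policies": []
}}
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_oidc_role(raw_json):
    """Return a list of findings for one Vault OIDC role (empty list = clean)."""
    role = json.loads(raw_json)["data"]
    findings = []
    uris = role.get("allowed_redirect_uris") or []
    if not uris:
        findings.append("no allowed_redirect_uris")
    for uri in uris:
        parts = urlsplit(uri)
        # Plain HTTP is tolerated only for the CLI's loopback callback listener.
        if parts.scheme != "https" and parts.hostname not in LOOPBACK:
            findings.append(f"redirect URI not HTTPS: {uri}")
    # Without a bound_* constraint, any account the Keycloak client lets
    # through can log in with this role.
    if not any(role.get(k) for k in ("bound_audiences", "bound_subject", "bound_claims")):
        findings.append("no bound_audiences, bound_subject or bound_claims")
    # Without token_policies, the role itself grants no named policy.
    if not role.get("token_policies"):
        findings.append("no token_policies attached")
    return findings


if __name__ == "__main__":
    for finding in audit_oidc_role(SAMPLE_ROLE_JSON):
        print("WARN:", finding)
```
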
Log in to Vault using Keycloak


