community.general.keycloak_clientsecret_regenerate module – Regenerate Keycloak client secret via Keycloak API
Note
This module is part of the community.general collection (version 7.5.2).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.keycloak_clientsecret_regenerate
.
New in community.general 6.1.0
Synopsis
This module allows you to regenerate a Keycloak client secret via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.
When regenerating a client secret, where possible provide the client’s id (not client_id) to the module. This removes a lookup to the API to translate the client_id into the client ID.
Note that this module returns the client secret. To avoid this showing up in the logs, please add
no_log: true
to the task.
Parameters
Parameter |
Comments |
---|---|
OpenID Connect Default: |
|
Client Secret to use in conjunction with |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
The client_id of the client. Passing this instead of id results in an extra API call. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
Configures the HTTP User-Agent header. Default: |
|
The unique identifier for this client. This parameter is not required for getting or generating a client secret but providing it will reduce the number of API calls required. |
|
They Keycloak realm under which this client resides. Default: |
|
Authentication token for Keycloak API. |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Regenerate a Keycloak client secret, authentication with credentials
community.general.keycloak_clientsecret_regenerate:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
no_log: true
- name: Regenerate a Keycloak client secret, authentication with token
community.general.keycloak_clientsecret_regenerate:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
token: TOKEN
delegate_to: localhost
no_log: true
- name: Regenerate a Keycloak client secret, passing client_id instead of id
community.general.keycloak_clientsecret_info:
client_id: 'myClientId'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
token: TOKEN
delegate_to: localhost
no_log: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Representation of the client credential after module execution Returned: on success |
|
Credential type. Returned: always Sample: |
|
Client secret. Returned: always Sample: |
|
Message as to what action was taken. Returned: always |