Skip to content

Commit

Permalink
feat: 🔒 add keycloak password policy
Browse files Browse the repository at this point in the history
  • Loading branch information
this-is-tobi committed Oct 25, 2023
1 parent 78c8096 commit e92669d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion roles/keycloak/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,7 @@
id: dso
realm: dso
display_name: Dso Realm
password_policy: "length(8) and lowerCase(1) and upperCase(1) and specialChars(1) and digits(1) and passwordHistory(1) and notUsername() and forceExpiredPasswordChange(365)"
enabled: true

- name: Get keycloak dso realm users from API
Expand All @@ -183,7 +184,7 @@
block:
- name: Generate admin user password
ansible.builtin.set_fact:
admin_user_password: "{{ lookup('password', '/dev/null length=16 chars=ascii_letters,digits') }}"
admin_user_password: "{{ lookup('community.general.random_string', length=16, min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"

- name: Create dso secret
kubernetes.core.k8s:
Expand Down

0 comments on commit e92669d

Please sign in to comment.