Keycloak Clients
Upon factory registration, clients are created in Keycloak, and the user can download the client secrets as a YAML file, which includes the login credentials for the factory services.
Because the Keycloak clients file contains sensitive information, it must be sealed and then deployed on Kubernetes, where each component can use its respective Keycloak CLIENT_ID and CLIENT_SECRET.
YAML file example
apiVersion: v1
kind: Secret
metadata:
  name: 'keycloak-clients-secret'
  namespace: 'default'
# Values under data are base64-encoded
data:
  ASSET_DESCRIPTION_BUNDLER_ID: <base64_encoded_client_id>
  ASSET_DESCRIPTION_BUNDLER_SECRET: <base64_encoded_client_secret>
type: Opaque
The CLIENT_ID is automatically generated by the platform using the service URL provided during service registration. For instance, using the Asset Description Bundler service with the URL /srv/asset-description-bundler, the process is as follows:
- Remove the /srv/ prefix, leaving asset-description-bundler
- Replace all dashes with underscores, resulting in asset_description_bundler
- Convert to uppercase, resulting in ASSET_DESCRIPTION_BUNDLER
- Append suffixes:
  - Client ID: ASSET_DESCRIPTION_BUNDLER_ID
  - Client Secret: ASSET_DESCRIPTION_BUNDLER_SECRET
Note: CLIENT_SECRET is auto-generated by Keycloak on client registration.
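The naming steps above can be turned into a pre-deployment check on the downloaded file. This is an added example, not the platform's own code: it derives the expected key names from each service URL and verifies that the Secret's data mapping holds a valid base64 value for each. The function names, the allowed-character pattern for service names, and the sample values are assumptions made for illustration.

```python
import base64
import binascii
import re

PREFIX = "/srv/"  # service URL prefix used in the example on this page
# Assumption: service names are lowercase alphanumerics separated by single dashes.
_NAME_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")

def client_keys(service_url):
    """Return (id_key, secret_key) for a service URL, following the steps above."""
    if not service_url.startswith(PREFIX):
        raise ValueError(f"expected a URL starting with {PREFIX!r}: {service_url!r}")
    name = service_url[len(PREFIX):]
    if not _NAME_RE.fullmatch(name):
        raise ValueError(f"unexpected service name: {name!r}")
    base = name.replace("-", "_").upper()
    return base + "_ID", base + "_SECRET"

def check_secret_data(data, service_urls):
    """Return a list of problems found in a Secret's `data` mapping."""
    problems = []
    for url in service_urls:
        for key in client_keys(url):
            value = data.get(key)
            if value is None:
                problems.append(f"{key}: missing")
                continue
            try:
                decoded = base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                problems.append(f"{key}: not valid base64")
                continue
            if not decoded.strip():
                problems.append(f"{key}: empty after decoding")
    return problems

# Constructed sample values, not real credentials.
SAMPLE_DATA = {
    "ASSET_DESCRIPTION_BUNDLER_ID": base64.b64encode(b"example-client-id").decode(),
    # Template placeholder left unfilled: should be reported as invalid base64.
    "ASSET_DESCRIPTION_BUNDLER_SECRET": "<base64_encoded_client_secret>",
}

if __name__ == "__main__":
    print(client_keys("/srv/asset-description-bundler"))
    print(check_secret_data(SAMPLE_DATA, ["/srv/asset-description-bundler"]))
```

The check reports only key names, never decoded values, so its output is safe to keep in CI logs.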
