Add keycloak
Keycloak is a login provider that we can host to give us SSO. This is preferable
to all of our services having different authentication capabilities, logins etc.
(e.g. mailu doesn't support 2fa: <https://github.com/Mailu/Mailu/issues/2222>!)
Change-Id: Ic0a5238a03d4d0b8a270c29a270c579b00aea799
diff --git a/secrets/postgres.json b/secrets/postgres.json
index 5bb202b..2b057d8 100644
--- a/secrets/postgres.json
+++ b/secrets/postgres.json
@@ -1,7 +1,10 @@
{
- "clicks_grafana_db_password": "ENC[AES256_GCM,data:tFByC3OyhRLkDlfjwq3Kmc7PnTHWmkXpXuqOGb2AzA9dkAijPggPhgvCrbkY8/oL8QwQDaI24+XV3U/8A2UwLbzu0L5oaWV/E4EJbyvi8UKp8Wg8Au25E0nD5tJZm7QQ3FVERgoUefcB8AEPJ4Z8Rgx1PuoBeun9toT1GkJtmuYNNHpOcFrbmaI/Qf1MP+yFZLYjvB1jz07V04RGTv4jow61lWFknS2aPJyat43Ogp64lIkfjen7zCvj3CWghfJx87uxeXsnFHMrRwfONozUdw19Bq1uLUJ7xvPqDtr/1WKi1xvBe5ez7/PkPslNJlIToIlL89xN/lOm2iQR2BNeXg==,iv:ruC4PzKpWYsz2qe0KImUo0YhRt2cisYx306yfPtzi6c=,tag:U8vg7w1zyqXAWH3WzNAHFA==,type:str]",
- "clicks_bitwarden_db_password": "ENC[AES256_GCM,data:Xr9h/QVazxn1tzSNJgPH9uk6RE2bk0fNyOVNxSlflQ14wnna0xA9Uw4CcN9DbPyvBCvYsKrxTJOAzLOn/K4rc/G1C7dPKpGADiTH5O+1wX+PifrDHtQyuqvaarwO3QA20ZW48A==,iv:yKYDF3X9fNO+rbnguo5DAiXfCkjH06VkpGBjB9NGv/s=,tag:W8fAVyJGh6jQxwHMN+RAPg==,type:str]",
- "clicks_privatebin_db_password": "ENC[AES256_GCM,data:FqTQzRxzv1Jelr7uPgQO0g9n653ilAriacvfj0ZQ7mnD8PEpE5SsZ4z8pOZJxCyIHFGE1n1iFudTJ3RXdSdsQ3Rxw7/eoz7IlblnQFQQKdTbpApNAkKyCKr5tUhUPqjTFixxGwNO8yxNUCTtdrBBbVZoxyAwl8lWXhI78fiFGA8=,iv:lqCfX0P+xHtIJfRW1DUjfwNlmvRCkg+y+qogsETL0RM=,tag:H855oMdkflQP6Drlefv6dA==,type:str]",
+ "clicks_grafana_db_password": "ENC[AES256_GCM,data:sw/zrpFiCe2rLn73M8GE/uWbMsaGmVcHM93mEb4ZEFXTJEPN1Zx47/VyKmMmadMQDWHECCsqmXyjqCy2IG3T7ox5A8bVHYIyAhWz8hi+Ao9d7M76RJl6HhrhJF89+64/F+PTN0z0+5KgC4nMjGbYaJj8A83Fh2bpUGgow+eDghUQf+GDhXJGIsYqXpyxZdl1YjmD0Gj0AK4Em+t4gPlY82CbiyRhEag+BOkSxSirBHYlqiKrFisrKtzHt/gYZQZZMt3tNRqY2S71pJospxJ+ZFhgVzyt2euxZYftKj7rehvLHdvfr7VUsJdwLK2hC7RRzMlEojnEqPXRQ8Uee2XiTg==,iv:5sdPFVdo1MBMF2CN7UtfKYf83WnnW5Hpdy0yoGyPAC0=,tag:SxC4DuVYiNcvJrGvzYk0Fw==,type:str]",
+ "clicks_keycloak_db_password": "ENC[AES256_GCM,data:duwBc+bJnfn1Erzi1FijzOtrruTsdOZDFmVA6OWMwrN/YBE8Dy5PEfMJ0acZ2Wc544426Dp70fHppIMqdoJPFbOSsmgysLoxfQLxk7iJaO56N6ZUMMk4qQT7Y/u2m5uJS43R1O5wRz+C6IYCu0ixXOj/+6dDigk2Ur2i3OjrS/4=,iv:X1DSnWSO1js9bQVgMHX1wN1NkfFylnGHAluoNQ7ztpw=,tag:cKPfZU0j4NYTIYlp6UXzGA==,type:str]",
+ "clicks_bitwarden_db_password": "ENC[AES256_GCM,data:NR5ezR022u5MJmMq1veRbx89gRUS07pJq6d4i8lfgSM3uhrq1LtgP7KT5T9my1koBynGYTPvA2TMUQbePrVQYiPVMWzFRaYHzV29xKJqbTC6s7KdWLs6VxeRQMzCfmakqYf2mw==,iv:wEjSkr7NJvE8ZcEgNe6zL5h3UFwBidKySUCD6elpmeA=,tag:B0bujxD6F+OyytMCRrwltw==,type:str]",
+ "clicks_privatebin_db_password": "ENC[AES256_GCM,data:T+NIe961xTXO/B9RCr/KlhlOLHcz8RfVnCn/+PexGUSeQ9suQ1wdILt14GvEuAUczN3bTT1sy9wRM656lAwWA/nsF3yML+5VwQo/aKo2R66Ga9Lnslg8tquQuwEpWb2tRg6BDEwUl0iLrvGKODAKuu3ClXJEJTASeTCZMv0jUQY=,iv:NFsZbKKCfji9DGDRQHFfH+insWGxbS6xqsng40ckC4M=,tag:LR5Ay8ZowkD7s3pEHjws2w==,type:str]",
+ "clicks_gerrit_db_password": "ENC[AES256_GCM,data:0QJH5KEi25NG3EvN9HF7Y7DeSemp6imouqoytwLZldpD9XlCa1wt14Re3ykADfIUzp6OjGIHY6XHdglN1/pqUOzmxb+3rG82FyNgUI9O91F8+1g8U7TjaQkfjlWudxhlDkwnQNSu5FcBuJ04BEtBWJ7l/POJ5BVi4bX9N9hGsdc=,iv:564WVx1tkYHvebqXKVaBFBmu9NYbDgiQ8YVmMMQFqPQ=,tag:zfWgB3Fje4sogYKGiiu/lg==,type:str]",
+ "clicks_nextcloud_db_password": "ENC[AES256_GCM,data:Tu4BRo0qkpp+RXYlQO7PIfZM40tquvQUt9hbtZdKRotrOg81CGjZLISjNELr8pLCQK4AAfCJ7UPdR0ZztJfhrj5vPnaQM/2nHO4aMuhfnkOX00MDJhum/j1I0Adx/Au9zAaIONaKMBXLmX/g3FU2s6Yp7OtZ7/4FoWAYbG4zSbY=,iv:LjlkKkVNybg9EU9pytsmyYJrFMym0RmSvIFI/KKcpyc=,tag:rPyOh+KtAmo9OeY0Wm1sCQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@@ -10,19 +13,19 @@
"age": [
{
"recipient": "age15mv77dpnh5762gk5rsw2u79uza4tg8cu6r3nlwjudlzmdqqck3ss6mg9dy",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRa01sZHdFalJFTFVxQ25K\nMms0c1pIeUpHK1MvcGZWN1hwS094OC9RMEZ3CnR0a2xzbmxScUhOcE5CRVdjZFha\nV2h4TVV3TGxFV0tUK3lQSDl4OWpEQlEKLS0tIGVkRFp4N25maW83TGlxTy9WRGxQ\nQ3NESWw5VFNGRlFKRnRlemNsK1NRSHcK34seVyvvseCzn3abwcCAu3rhOUQYMUMC\nLepvm8ahPRcI5Hl3cbX6c1Td6QQ5kPC3QYyngKX4M+jhWMfpuDbwHQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRlE1TCtxTTd4RTFtVG9l\na2ZKeEZZMC9YZDBEc0FCMXQ3ekMwczdhZUFvCkcvSGRsVmVDSjdNMW4zNVhKdFhv\nQjdnZXBJMmdORG0wdzVKQ1ZDZ0xVbUEKLS0tIERtK1J6UWQzVTZsUGVrcFFYelBB\nWnFQNGI3Y0JzbHNlcjNxL2FjaVh2Z00KMkxXtxMB656xgwFDd3SI1HeTsyFQ18Rj\nPQZYwbVHgQ/KUo/t6zRFN6RwNQ+eqcgl+x/eSilUlFf8x3sg96OKhg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1m7k864feyuezllp2hj4edkccn36rthrvfw969j6f0l3c0mhh5emsnfx6pd",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMThlZzkzUW1hWUp0djZl\nMmVsRzZNdnA0QmRXaU5JeXBVcDB2Lytya3hNCitSVi8rdkp3UmVXWTV0MGV3QWJF\nZHJxMk1UaDF0b01qTm1sL3ozNjJpZmsKLS0tIGtDcFF2cTFmS3d2UFNYamFCOFdm\nUnk1dUhvR1R6cTlzNVVqdU5CdG9YS2MK0yfOBwjloIjtaWtJf6hRsjm9LCOHbB96\nzRl95IazEXhBUwB9WC2RsH6l8/Ja4AHvTnCmznItbvQL/LassZsMGQ==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMjNRUVp1b0R1OWwybGVI\nbjVvWS9CblRQdW9yMldZVmhNUU4yWU9QSGxzCjl0SWlSbHBkektucTJzUUgrcEhp\nMm5weFp0WGJJdUU3ZHZUaXBxUEl1WEkKLS0tIFliZXJDS0V4TlJkdVpMYks5UTNa\nT2hhVzl2cDdUWUVYSXhYbVpET2k0SWcKmqiJMB2N77WenKzx18ADkg56YEW+PNk2\nZX3vvcuU2eLZ1u6O0y7melm/CG2hgYi/oXV+c7Xddva8LN3tbo77MA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1fxxnmkeuqhhct93c43pwkzhuzzq8857s5hye6pgfpku70kjn4ecqtamfqr",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByN0hMaXF2S2xiTTNqbm9h\nSGNieGNjNThJTk0wZXNQejBXaW9MOEp2akNFCm8rWVc3WG9pVndERFZzUnFOZnVG\naFBxTENlQ0x0ZjdqUHF6SFBPKzQ4bUEKLS0tIGVJTmdveTZrNTRiSTl0cHRQeWhl\nY2RmUTVQVTNoMFhLdkc3WFZEcHAycnMKqr42TSx7Pqcu62XgX4gj/iq2tbkZjFxg\nOcWBsLzqOsu/r0w5cK2Ple6JFGIJwmT2SqVqZh1pPbPwYHHXHbEphg==\n-----END AGE ENCRYPTED FILE-----\n"
+ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuN2k4QnR0UnhXTHFTUUlz\ndlJpYVBaeHB5eitocktmV1hPN2Vxa0pjYUhBClc1REh1UndRM1F3L082ZElrZkJZ\nWk56Z1Vrd0xla1FSb1k2eGN4UXlud2MKLS0tIEczMWVuVkIwOGNRamE2OW1VNWlT\nZXdBTUxMNnRUSlhHbGtndzZISm1jM1kKvg5s5u68gW9PeQ8cYRqBwqHu352bv1jQ\nQUSPxQpGZilZz95BUMEniAa75ljAD7b9v9zmxLDRreC+4L/thCdMFQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
- "lastmodified": "2023-07-30T14:59:54Z",
- "mac": "ENC[AES256_GCM,data:Miimq3cBEfHhtF+zUWzYUs0pGfEEvA0ZXJzgJabH19FfIMSR6dXpdN807i7Of1AGYNYlGpxS3aPbDrpB5wsKkDFwzTCIZDsaKeq0G/YVzNVxA7BVdw/I3048f/VqrGSenwPhbpElADrGsL+waXGbQ/GA5F4387yihi6ZenxeQIs=,iv:Tx4bRqLVaaNACumwumZrCPcfTg4i19TSpwd1Ifu1PmE=,tag:nFg7zNFiR9vah4bgId0jjA==,type:str]",
+ "lastmodified": "2023-10-07T21:56:51Z",
+ "mac": "ENC[AES256_GCM,data:L4f1WW6Wjh/2qEHyqLR16kpM2dmxft9He9E7bADwGk40CKPq2pdh+3MvHsHIPHDoo87f3UO7yJUWsES80vKwjaLIqkeRfVJRFP4Ci/m8KZtWJBtEdaHfU2nKegBTmb797CvMZN8rAvn/AeFl53sNK0QtYAnJhIctZ72rh2kGepQ=,iv:phi5SwKZ8ESWKZntKUkZWfl8NdTvH3Ax7rnuT2bz4vM=,tag:fFQOutSnTO9no1atbravLA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"