Keycloak and Spring Cloud Vault Integration #655

Open
sedefbostanci opened this issue Sep 6, 2022 · 1 comment

@sedefbostanci

I want to manage my secrets using Spring Cloud Vault. However, the authentication methods in Spring Cloud Vault do not fit my needs (I don't want a static token due to security requirements, and I am not able to use Kubernetes or AWS methods).

I am currently using Keycloak in my app. I was able to integrate Keycloak and Vault independently of my application, and I can connect to the vault with "Sign in with OIDC provider" by using the dynamic tokens produced by Keycloak. However, Spring Cloud Vault does not have a direct authentication method with Keycloak. Do you know how I can use Keycloak or its generated dynamic token as an authentication method on my app (somehow using AppRole or any other methods that Spring currently has)? Or does Spring have a plan to use OIDC providers as an authentication method for the Spring Cloud Vault as well in the future?

@mp911de
Member

mp911de commented Mar 28, 2023

I think spring-projects/spring-vault#759 is required. Generally speaking, I wonder how OIDC tokens should be used with Spring Cloud Vault as logging in via UI is a user process while the Spring Cloud Vault config is required to be present at deploy-time.
