Commit 3acdd02
fix(manifests): add jwk-cert-url flag, harden SaaS template security
- Add --jwk-cert-url CLI flag pointing to Keycloak JWKS endpoint;
without it the framework defaults to sso.redhat.com and rejects
tokens signed by our Keycloak instance
- Remove unused JWK_CERT_URL env var (framework reads the CLI flag)
- Remove CREDENTIAL_ENCRYPTION_ALLOW_PLAINTEXT=true
- Add readOnlyRootFilesystem: true to all container securityContexts
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

1 parent 34fd7a2 commit 3acdd02
1 file changed
Lines changed: 4 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
105 | 105 | | |
106 | 106 | | |
107 | 107 | | |
| 108 | + | |
108 | 109 | | |
109 | 110 | | |
110 | 111 | | |
| |||
189 | 190 | | |
190 | 191 | | |
191 | 192 | | |
| 193 | + | |
192 | 194 | | |
193 | 195 | | |
194 | 196 | | |
| |||
205 | 207 | | |
206 | 208 | | |
207 | 209 | | |
208 | | - | |
209 | | - | |
210 | 210 | | |
211 | 211 | | |
212 | 212 | | |
| |||
219 | 219 | | |
220 | 220 | | |
221 | 221 | | |
222 | | - | |
223 | | - | |
224 | 222 | | |
225 | 223 | | |
226 | 224 | | |
| |||
232 | 230 | | |
233 | 231 | | |
234 | 232 | | |
| 233 | + | |
235 | 234 | | |
236 | 235 | | |
237 | 236 | | |
| |||
295 | 294 | | |
296 | 295 | | |
297 | 296 | | |
| 297 | + | |
298 | 298 | | |
299 | 299 | | |
300 | 300 | | |
| |||