redhat-developer · deerskindoll · May 13, 2026 · May 15, 2026 · May 18, 2026 · May 20, 2026
diff --git a/...-rhdh/assembly-configure-trust-for-corporate-certificate-authority-in-rhdh.adoc b/...-rhdh/assembly-configure-trust-for-corporate-certificate-authority-in-rhdh.adoc
@@ -0,0 +1,19 @@
+:_mod-docs-content-type: ASSEMBLY
+ifdef::context[:parent-context: {context}]
+
+[id="configure-trust-for-corporate-certificate-authority-in-rhdh_{context}"]
+= Configure trust for corporate Certificate Authority in {product}
+
+:previouscontext: {context}
+:context: configure-trust-for-corporate-ca-in-rhdh
+
+[role="_abstract"]
+Set up trust for certificates issued by corporate Certificate Authority (CA) in your {product} deployment.
+
+include::../modules/configure_configuring-rhdh/proc-configure-trust-for-corporate-certificate-authority-with-node-extra-ca-certs.adoc[leveloffset=+1]
+
+:context: {previouscontext}
+:!previouscontext:
+
+ifdef::parent-context[:context: {parent-context}]
+ifndef::parent-context[:!context:]
diff --git a/...figuring-dynamic-plugins/assembly-enable-and-configure-the-keycloak-plugin.adoc b/...figuring-dynamic-plugins/assembly-enable-and-configure-the-keycloak-plugin.adoc
diff --git a/...mblies/observability_monitoring-and-logging/assembly-rhbk-metrics-for-rhdh.adoc b/...mblies/observability_monitoring-and-logging/assembly-rhbk-metrics-for-rhdh.adoc
@@ -0,0 +1,14 @@
+:_mod-docs-content-type: ASSEMBLY
+ifdef::context[:parent-context: {context}]
+
+[id="rhbk-metrics-for-rhdh_{context}"]
+= {rhbk-brand-name} metrics for {product}
+:context: rhbk-metrics-for-rhdh
+
+[role="_abstract"]
+Use {rhbk-brand-name} ({rhbk}) metrics to troubleshoot authentication issues.
+
+include::../modules/shared/ref-rhbk-metrics.adoc[leveloffset=+1]
+
+ifdef::parent-context[:context: {parent-context}]
+ifndef::parent-context[:!context:]
diff --git a/...nfigure-trust-for-corporate-certificate-authority-with-node-extra-ca-certs.adoc b/...nfigure-trust-for-corporate-certificate-authority-with-node-extra-ca-certs.adoc
@@ -0,0 +1,42 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="configure-trust-for-corporate-certificate-authority-with-node-extra-ca-certs_{context}"]
+= Configure trust for corporate Certificate Authority with `NODE_EXTRA_CA_CERTS`
+
+[role="_abstract"]
+The best practice for configuring {product-very-short} to trust a certificate issued by your corporate Certificate Authority (CA) is
+to use the `NODE_EXTRA_CA_CERTS` environmental variable.
+
+[NOTE]
+====
+The steps
+to set up {product-very-short} to trust a CA may vary
+depending on how your specific {product-very-short} deployment is configured.
+The following instructions capture only the general outline of the procedure.
+====
+
+.Prerequisites
+* You have access to the public root or intermediate certificate of the CA you wish to trust.
+
+.Procedure
+. Export the corporate CA certificate chain (root and intermediate certificates) from its source.
+. Convert the certificate or the entire certificate chain to `.pem` format.
++
+[IMPORTANT]
+====
+The maximum of file paths in `.pem` format supported by `NODE_EXTRA_CA_CERTS` is *one*.
+You cannot concatenate multiple file paths as values of the environment variable.
+
+If you want to inject multiple CAs or certificate chains into your `.pem` file,
+you must first convert them into `.pem` format and then concatenate them into a single file.
+====
+. Create a secret  containing the CA.
+. Mount the secret into {product-very-short} environment.
+. Set the `NODE_EXTRA_CA_CERTS` to point to the mount path of the secret.
++
+[IMPORTANT]
+====
+You can only use the file path of the CA as a mount path.
+Setting the CA directly as an environmental value is not supported.
+====
+
diff --git a/modules/shared/proc-configure-the-keycloak-plugin.adoc b/modules/shared/proc-configure-the-keycloak-plugin.adoc
diff --git a/modules/shared/proc-enable-authentication-with-rhbk.adoc b/modules/shared/proc-enable-authentication-with-rhbk.adoc
@@ -152,7 +152,7 @@ Enhance security and prevent potential misuse of older tokens by enabling a refr
 . From the *Realm Settings* page, click the *Tokens* tab.
 . From the *Refresh tokens* section of the *Tokens* tab, toggle the *Revoke Refresh Token* to the *Enabled* position.
 ====
-
+. Optional: Enable xref:assemblies/observability_monitoring-and-logging/assembly-rhbk-metrics-for-rhdh.adoc[{rhbk} metrics].
 . To disable the guest login option, in the `{my-app-config-file}` file, set the authentication environment to `production`:
 +
 [source,yaml]

diff --git a/modules/shared/proc-enable-the-keycloak-plugin.adoc b/modules/shared/proc-enable-the-keycloak-plugin.adoc
diff --git a/...s/shared/ref-keycloak-plugin-metrics.adoc → modules/shared/ref-rhbk-metrics.adoc b/...s/shared/ref-keycloak-plugin-metrics.adoc → modules/shared/ref-rhbk-metrics.adoc
@@ -1,16 +1,16 @@
 :_mod-docs-content-type: REFERENCE
 
-[id="keycloak-plugin-metrics_{context}"]
-= Keycloak plugin metrics
+[id="rhbk-metrics_{context}"]
+= {rhbk-brand-name} metrics
 
 [role="_abstract"]
-Monitor Keycloak fetch operations and diagnose issues by using OpenTelemetry metrics with Prometheus or Grafana.
+Monitor {rhbk-brand-name} ({rhbk}) fetch operations and diagnose issues by using OpenTelemetry metrics with Prometheus or Grafana.
 
-The Keycloak backend plugin supports OpenTelemetry metrics that you can use to monitor fetch operations and diagnose potential issues.
+The {rhbk} backend plugin supports OpenTelemetry metrics that you can use to monitor fetch operations and diagnose potential issues.
 
 == Available Counters
 
-Keycloak metrics:
+{rhbk} metrics:
 
 [cols="60%,40%", frame="all", options="header"]
 |===

diff --git a/titles/configure_configuring-rhdh/master.adoc b/titles/configure_configuring-rhdh/master.adoc
@@ -34,6 +34,8 @@ include::assemblies/configure_configuring-rhdh/assembly-configure-high-availabil
 
 include::assemblies/configure_configuring-rhdh/assembly-run-rhdh-behind-a-corporate-proxy.adoc[leveloffset=+1]
 
+include::assemblies/configure_configuring-rhdh/assembly-configure-trust-for-corporate-certificate-authority-in-rhdh.adoc[leveloffset=+1]
+
 include::assemblies/configure_configuring-rhdh/assembly-use-the-dynamic-plugins-cache.adoc[leveloffset=+1]
 
 include::modules/configure_configuring-rhdh/proc-enable-the-rhdh-plugin-assets-cache.adoc[leveloffset=+1]

diff --git a/titles/extend_configuring-dynamic-plugins/master.adoc b/titles/extend_configuring-dynamic-plugins/master.adoc
@@ -20,8 +20,6 @@ include::assemblies/extend_configuring-dynamic-plugins/assembly-install-and-conf
 
 include::assemblies/extend_configuring-dynamic-plugins/assembly-enable-and-configure-the-jfrog-plugin.adoc[leveloffset=+1]
 
-include::assemblies/extend_configuring-dynamic-plugins/assembly-enable-and-configure-the-keycloak-plugin.adoc[leveloffset=+1]
-
 include::assemblies/extend_configuring-dynamic-plugins/assembly-enable-and-configure-the-nexus-repository-manager-plugin.adoc[leveloffset=+1]
 
 include::modules/shared/proc-enable-the-tekton-plugin.adoc[leveloffset=+1]

diff --git a/titles/observability_monitoring-and-logging/master.adoc b/titles/observability_monitoring-and-logging/master.adoc
@@ -21,3 +21,5 @@ include::assemblies/observability_monitoring-and-logging/assembly-enable-observa
 include::assemblies/observability_monitoring-and-logging/assembly-monitoring-and-logging-rhdh-on.adoc[leveloffset=+1]
 
 include::assemblies/observability_monitoring-and-logging/assembly-monitor-and-log-with-in-rhdh.adoc[leveloffset=+1]
+
+include::assemblies/observability_monitoring-and-logging/assembly-rhbk-metrics-for-rhdh.adoc[leveloffset=+1]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -21,3 +21,5 @@ include::assemblies/observability_monitoring-and-logging/assembly-enable-observa
		include::assemblies/observability_monitoring-and-logging/assembly-monitoring-and-logging-rhdh-on.adoc[leveloffset=+1]

		include::assemblies/observability_monitoring-and-logging/assembly-monitor-and-log-with-in-rhdh.adoc[leveloffset=+1]

		include::assemblies/observability_monitoring-and-logging/assembly-rhbk-metrics-for-rhdh.adoc[leveloffset=+1]