Contributor

@martyngigg martyngigg commented Jan 22, 2026

Summary

Keycloak was using a postgres DB hosted on the same node. This switches to a DB managed by DB services.

This has been deployed to the QA infrastructure.

Summary by CodeRabbit

Release Notes

  • Infrastructure
    • Enhanced database configuration security by implementing vault-backed credential management.
    • Improved deployment flexibility with configurable database host and port settings instead of hardcoded values.


coderabbitai bot commented Jan 22, 2026

Walkthrough

The pull request decouples Keycloak deployment from local PostgreSQL provisioning. The postgres role is removed from the deployment playbook, database configuration switches to vault-backed variables, and the database host reference changes from "postgres" to a vault-defined remote host.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Keycloak Deployment Configuration: infra/ansible-docker/playbooks/keycloak/group_vars/keycloak.yml | Updated database credentials from hardcoded values to vault-backed variables (vault_keycloak_db_name, vault_keycloak_db_user). Removed local PostgreSQL-specific configuration block including postgres port, user, password, and data path settings. |
| Keycloak Container Environment: infra/ansible-docker/roles/keycloak/tasks/main.yml | Modified KC_DB_URL to reference vault-defined database host and port (vault_db_host:vault_db_port) instead of hardcoded "postgres" hostname with keycloak database port. |
| Keycloak Deployment Playbook: infra/ansible-docker/playbooks/keycloak/deploy.yml | Removed postgres role execution from the keycloak deployment sequence, eliminating local database provisioning from this workflow. |

Poem

🐰 Hop away, postgres local role,
Vault secrets now make our database whole!
Remote hosts and credentials so secure,
Our keycloak deployment's now truly pure!
Infrastructure dancing in harmony bright! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: switching Keycloak from a local PostgreSQL database to a managed DB service, as evidenced by removal of postgres role, vault-backed DB variables, and updated host/port configuration. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@martyngigg martyngigg merged commit aa1111c into main Jan 22, 2026
2 checks passed
@martyngigg martyngigg deleted the keycloak-database branch January 22, 2026 11:49