From 924e51ffaa4db84e17985eaecf4029638c71add0 Mon Sep 17 00:00:00 2001
From: "Adrian A. Baumann" <ade@adebaumann.com>
Date: Sun, 1 Mar 2026 00:45:07 +0100
Subject: [PATCH] feat(sso): add Keycloak settings to database.py and Helm
 ConfigMap

---
 backend/app/database.py                  | 5 +++++
 helm/shorefront/templates/configmap.yaml | 4 ++++
 helm/shorefront/values.yaml              | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/backend/app/database.py b/backend/app/database.py
index d709403..94dba97 100644
--- a/backend/app/database.py
+++ b/backend/app/database.py
@@ -8,6 +8,11 @@ class Settings(BaseSettings):
     jwt_secret_key: str
     jwt_algorithm: str = "HS256"
     jwt_expire_minutes: int = 60
+    keycloak_url: str
+    keycloak_realm: str
+    keycloak_client_id: str
+    keycloak_client_secret: str
+    keycloak_redirect_uri: str
 
     class Config:
         env_file = ".env"
diff --git a/helm/shorefront/templates/configmap.yaml b/helm/shorefront/templates/configmap.yaml
index 4fbb74c..2a51d5a 100644
--- a/helm/shorefront/templates/configmap.yaml
+++ b/helm/shorefront/templates/configmap.yaml
@@ -10,3 +10,7 @@ data:
   POSTGRES_USER: {{ .Values.postgres.user | quote }}
   JWT_ALGORITHM: "HS256"
   JWT_EXPIRE_MINUTES: "60"
+  KEYCLOAK_URL: {{ .Values.keycloak.url | quote }}
+  KEYCLOAK_REALM: {{ .Values.keycloak.realm | quote }}
+  KEYCLOAK_CLIENT_ID: {{ .Values.keycloak.clientId | quote }}
+  KEYCLOAK_REDIRECT_URI: {{ .Values.keycloak.redirectUri | quote }}
diff --git a/helm/shorefront/values.yaml b/helm/shorefront/values.yaml
index 1d8d628..b3de3cf 100644
--- a/helm/shorefront/values.yaml
+++ b/helm/shorefront/values.yaml
@@ -35,5 +35,11 @@ ingress:
   host: shorefront.baumann.gr
   ingressClassName: traefik
 
+keycloak:
+  url: https://sso.baumann.gr
+  realm: homelab
+  clientId: shorefront
+  redirectUri: https://shorefront.baumann.gr/api/auth/oidc/callback
+
 containers:
   version: "0.002"