diff --git a/helm/shorefront/templates/backend-deployment.yaml b/helm/shorefront/templates/backend-deployment.yaml
index 455e8e0..e9dc362 100644
--- a/helm/shorefront/templates/backend-deployment.yaml
+++ b/helm/shorefront/templates/backend-deployment.yaml
@@ -33,6 +33,31 @@ spec:
 key: JWT_SECRET_KEY
 - name: DATABASE_URL
 value: "postgresql://{{ .Values.postgres.user }}:$(POSTGRES_PASSWORD)@postgres:5432/{{ .Values.postgres.database }}"
+ - name: KEYCLOAK_URL
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_URL
+ - name: KEYCLOAK_REALM
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_REALM
+ - name: KEYCLOAK_CLIENT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_CLIENT_ID
+ - name: KEYCLOAK_REDIRECT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_REDIRECT_URI
+ - name: KEYCLOAK_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: shorefront-secret
+ key: KEYCLOAK_CLIENT_SECRET
 containers:
 - name: backend
 image: "{{ .Values.backend.image }}:{{ .Values.containers.version }}"
@@ -60,6 +85,31 @@ spec:
 configMapKeyRef:
 name: shorefront-config
 key: JWT_EXPIRE_MINUTES
+ - name: KEYCLOAK_URL
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_URL
+ - name: KEYCLOAK_REALM
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_REALM
+ - name: KEYCLOAK_CLIENT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_CLIENT_ID
+ - name: KEYCLOAK_REDIRECT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: shorefront-config
+ key: KEYCLOAK_REDIRECT_URI
+ - name: KEYCLOAK_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: shorefront-secret
+ key: KEYCLOAK_CLIENT_SECRET
 ports:
 - containerPort: 8000
 resources:
diff --git a/scripts/create-secrets.sh b/scripts/create-secrets.sh
index 787a2e5..adb7cf2 100755
--- a/scripts/create-secrets.sh
+++ b/scripts/create-secrets.sh
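Review bot: `KEYCLOAK_CLIENT_SECRET` is injected into the env list that ends right before `containers:` in the first hunk, which is presumably an init container, as well as into the container that exposes port 8000 in the second hunk. If the first container only performs a startup task (its command is not visible here), it has no need for the OIDC client secret, and omitting that `secretKeyRef` entry there limits where the credential is exposed. If the application refuses to start without the variable, record that above the entry, e.g. `# needed only to satisfy settings validation at startup`. Both env lists begin outside their hunks.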
@@ -12,6 +12,7 @@ fi
 # --- Validate required env vars ---
 : "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD is required}"
 : "${JWT_SECRET_KEY:?JWT_SECRET_KEY is required}"
+: "${KEYCLOAK_CLIENT_SECRET:?KEYCLOAK_CLIENT_SECRET is required}"
 echo "Creating namespace '${NAMESPACE}' if it does not exist..."
 kubectl create namespace "${NAMESPACE}" --dry-run=client -o yaml | kubectl apply -f -
@@ -21,6 +22,7 @@ kubectl create secret generic shorefront-secret \
 --namespace "${NAMESPACE}" \
 --from-literal="POSTGRES_PASSWORD=${POSTGRES_PASSWORD}" \
 --from-literal="JWT_SECRET_KEY=${JWT_SECRET_KEY}" \
+ --from-literal="KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}" \
 --dry-run=client -o yaml | kubectl apply -f -
 echo "Done. Secret 'shorefront-secret' is ready in namespace '${NAMESPACE}'."
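Review bot: The added `--from-literal="KEYCLOAK_CLIENT_SECRET=${KEYCLOAK_CLIENT_SECRET}"` line in the second hunk places the client secret on kubectl's argument list, where it is readable from the process table by other local users while the command runs; the two existing `--from-literal` lines share that exposure. Passing the value through a file descriptor keeps it out of argv, for example `--from-file=KEYCLOAK_CLIENT_SECRET=<(printf '%s' "${KEYCLOAK_CLIENT_SECRET}")`, which assumes the script runs under bash (the shebang is outside the hunk). The `kubectl create secret` command itself starts outside the hunk.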