Verify KeyCape discovery without container wget

This commit is contained in:
2026-05-26 02:47:01 +02:00
parent 59c924bc18
commit a47c707a9a
3 changed files with 49 additions and 4 deletions

View File

@@ -135,7 +135,9 @@ bash ./verify-openbao-client.sh
```
The patch script preserves existing secret values and does not print the
decoded `config.yaml` or signing key.
decoded `config.yaml` or signing key. The verifier checks the live Secret and
then opens a short local `kubectl port-forward` to KeyCape; it does not require
`curl` or `wget` inside the KeyCape container image.
Example entry (public client, PKCE, for a SPA):
```yaml