Add KeyCape privacyIDEA token repair flow

This commit is contained in:
2026-05-29 03:07:17 +02:00
parent ab99380dec
commit c7b82df267
5 changed files with 345 additions and 6 deletions

View File

@@ -13,8 +13,9 @@
# ./create-secrets.sh
# kubectl rollout restart deployment/keycape -n sso
#
# The privacyIDEA admin token does NOT expire by default (it is a permanent
# service account token). Store it in KeePassXC as:
# The privacyIDEA admin token may expire depending on the live privacyIDEA
# policy/configuration. Refresh it if KeyCape reports "mfa check error".
# Store the current token in KeePassXC as:
# net-kingdom/KeyCape/pi-admin-token
#
# Requires: kubectl, curl, jq
@@ -108,7 +109,6 @@ echo " Done."
echo ""
echo "Token written to: $TOKEN_FILE"
echo "Token preview : ${TOKEN:0:32}"
echo ""
echo "IMPORTANT: Store this token in KeePassXC → net-kingdom/KeyCape/pi-admin-token"
echo " as a password entry. It cannot be recovered without re-authenticating."