From cd5f642d6104eceb435c037f27a2e7109562a6b7 Mon Sep 17 00:00:00 2001
From: brownzebra <mdillo2@gmail.com>
Date: Wed, 11 Feb 2026 13:54:41 +0200
Subject: [PATCH 1/3] fix: initial-devuser-password-es

---
 sources/keycloak-config/templates/keycloak-secrets.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sources/keycloak-config/templates/keycloak-secrets.yaml b/sources/keycloak-config/templates/keycloak-secrets.yaml
index 125dd2e1..1a6abfe4 100644
--- a/sources/keycloak-config/templates/keycloak-secrets.yaml
+++ b/sources/keycloak-config/templates/keycloak-secrets.yaml
@@ -24,6 +24,10 @@ spec:
         key: airm-ci-client-secret
         property: value
       secretKey: CI_CLIENT_SECRET
+    - remoteRef:
+        key: keycloak-initial-devuser-password
+        property: value
+      secretKey: KEYCLOAK_INITIAL_DEVUSER_PASSWORD
   refreshInterval: 1h
   secretStoreRef:
     kind: ClusterSecretStore

From 7c7ab921005633a32bf68da2fd41271ad2d50bf3 Mon Sep 17 00:00:00 2001
From: brownzebra <mdillo2@gmail.com>
Date: Wed, 11 Feb 2026 14:07:03 +0200
Subject: [PATCH 2/3] fix: initial-devuser-password-es

---
 sources/keycloak-old/templates/es-airm-realm-credentials.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sources/keycloak-old/templates/es-airm-realm-credentials.yaml b/sources/keycloak-old/templates/es-airm-realm-credentials.yaml
index e4b75495..eddf2c8d 100644
--- a/sources/keycloak-old/templates/es-airm-realm-credentials.yaml
+++ b/sources/keycloak-old/templates/es-airm-realm-credentials.yaml
@@ -41,6 +41,10 @@ spec:
         key: argocd-client-secret
         property: value
       secretKey: ARGOCD_CLIENT_SECRET
+    - remoteRef:
+        key: keycloak-initial-devuser-password
+        property: value
+      secretKey: KEYCLOAK_INITIAL_DEVUSER_PASSWORD
   refreshInterval: 1h
   secretStoreRef:
     kind: ClusterSecretStore

From 2e297bd628d8785da93338ea62d027c918833c9e Mon Sep 17 00:00:00 2001
From: brownzebra <mdillo2@gmail.com>
Date: Wed, 11 Feb 2026 15:23:40 +0200
Subject: [PATCH 3/3] fix: initial-devuser-password in deployment and realm

---
 sources/keycloak-old/templates/keycloak-deployment.yaml    | 6 ++++++
 .../templates/keycloak-realm-templates-cm.yaml             | 7 ++-----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/sources/keycloak-old/templates/keycloak-deployment.yaml b/sources/keycloak-old/templates/keycloak-deployment.yaml
index d26e0115..bcbaf144 100644
--- a/sources/keycloak-old/templates/keycloak-deployment.yaml
+++ b/sources/keycloak-old/templates/keycloak-deployment.yaml
@@ -110,6 +110,7 @@ spec:
                   sed -i -e "s/__MINIO_CLIENT_SECRET__/$MINIO_CLIENT_SECRET/g" /opt/realms/airm-realm.json
                   sed -i -e "s/__GITEA_CLIENT_SECRET__/$GITEA_CLIENT_SECRET/g" /opt/realms/airm-realm.json
                   sed -i -e "s/__ARGOCD_CLIENT_SECRET__/$ARGOCD_CLIENT_SECRET/g" /opt/realms/airm-realm.json
+                  sed -i -e "s/__DEVUSER_INITIAL_PASSWORD__/$DEVUSER_INITIAL_PASSWORD/g" /opt/realms/airm-realm.json
               else
                   echo "Warning: /opt/realm_templates/airm-realm.json not found, skipping airm realm setup"
               fi
@@ -154,6 +155,11 @@ spec:
                 secretKeyRef:
                   key: ARGOCD_CLIENT_SECRET
                   name: airm-realm-credentials
+            - name: DEVUSER_INITIAL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: KEYCLOAK_INITIAL_DEVUSER_PASSWORD
+                  name: airm-realm-credentials
           image: ghcr.io/silogen/keycloak-init:0.1
           name: init-realm-scripts
           volumeMounts:
diff --git a/sources/keycloak-old/templates/keycloak-realm-templates-cm.yaml b/sources/keycloak-old/templates/keycloak-realm-templates-cm.yaml
index d9c65c90..15a269fc 100644
--- a/sources/keycloak-old/templates/keycloak-realm-templates-cm.yaml
+++ b/sources/keycloak-old/templates/keycloak-realm-templates-cm.yaml
@@ -549,12 +549,9 @@ data:
           "totp": false,
           "credentials": [
             {
-              "id": "596f57d5-41d0-4dd8-bd6f-bb16db235be2",
               "type": "password",
-              "userLabel": "My password",
-              "createdDate": 1746628471958,
-              "secretData": "{\"value\":\"15oUl8X/o/maH7BWBI4mGDj7WFXPXSc+BbPsIBTcqHE=\",\"salt\":\"RDnI5bojai0rUPa5j7T1rQ==\",\"additionalParameters\":{}}",
-              "credentialData": "{\"hashIterations\":5,\"algorithm\":\"argon2\",\"additionalParameters\":{\"hashLength\":[\"32\"],\"memory\":[\"7168\"],\"type\":[\"id\"],\"version\":[\"1.3\"],\"parallelism\":[\"1\"]}}"
+              "value": "__DEVUSER_INITIAL_PASSWORD__",
+              "temporary": false
             }
           ],
           "disableableCredentialTypes": [],