Key Vault — cerebro-auth-kv
Azure Key Vault stores all secrets for the auth stack and HITL platform — database passwords, API keys, client secrets, and certificates.
Details
| Field | Value |
|---|---|
| Vault name | cerebro-auth-kv-62be6d5f |
| Vault URI | https://cerebro-auth-kv-62be6d5f.vault.azure.net/ |
| Resource group | testing |
| Region | South India |
| SKU | Standard |
What's Stored Here
| Secret Name Pattern | Content |
|---|---|
keycloak-* | Keycloak admin credentials, client secrets |
openfga-* | OpenFGA API keys and store IDs |
postgres-* | Database passwords |
acr-* | Container registry credentials |
anthropic-* | Claude API keys |
How to Access Secrets
Via Azure Portal
- portal.azure.com → Resource groups → testing →
cerebro-auth-kv-62be6d5f - Click Secrets → click a secret name → click the current version → Show Secret Value
Via Azure CLI
# List all secrets (names only)
az keyvault secret list \
--vault-name cerebro-auth-kv-62be6d5f \
--output table
# Get a specific secret value
az keyvault secret show \
--vault-name cerebro-auth-kv-62be6d5f \
--name <secret-name> \
--query value \
-o tsv
How to Add or Update a Secret
az keyvault secret set \
--vault-name cerebro-auth-kv-62be6d5f \
--name my-api-key \
--value "the-secret-value"
Using Key Vault Secrets in Container Apps
Container Apps can reference Key Vault secrets directly:
az containerapp secret set \
--name my-container-app \
--resource-group testing \
--secrets "MY_SECRET=keyvaultref:https://cerebro-auth-kv-62be6d5f.vault.azure.net/secrets/my-api-key,identityref:/subscriptions/.../userAssignedIdentities/..."
tip
Always store secrets in Key Vault — never hard-code them in Dockerfiles or environment variable definitions in the portal.
Access Policies
Key Vault uses Azure RBAC. To grant access to a new person or managed identity:
az role assignment create \
--role "Key Vault Secrets User" \
--assignee <user-email-or-object-id> \
--scope /subscriptions/62be6d5f-97a5-4764-9bc9-ceb85a39a1f4/resourceGroups/testing/providers/Microsoft.KeyVault/vaults/cerebro-auth-kv-62be6d5f