Post-Deploy TODOs

Post-Deploy TODOs

  • Realm export cron — scheduled JSON export to encrypted backup

  • Monitoring — Keycloak health endpoint in Grafana/Uptime Kuma

  • Document admin password in gopass (infra/keycloak/admin)

  • Vault PKI cert auto-renewal — cron or certbot-vault integration

  • HA planning — keycloak-02 (10.50.1.81) as future replica

  • Update SPOF tracker — remove Keycloak entry after validation

  • Update HA status tracker — mark Keycloak as ✅ COMPLETE

  • Update deferred tracker — remove Keycloak Rebuild entry

  • Cross-reference from domus-identity-ops project