Korean Quick Start Guide is available here
Prerequisites:
- Docker and Docker Compose installed
- curl and Python 3
docker-compose up -d
# Wait for Keycloak to be ready
sleep 30
# Initialize Keycloak
./init-keycloak.sh
# Initialize Vault
./init-vault.sh
This script automatically performs the following:
- Enables JWT authentication method
- Configures Keycloak integration
- Enables KV secrets engine (for Jira, Github)
- Enables Database secrets engine (for PostgreSQL)
- Configures PostgreSQL connection and creates dynamic roles
- Creates user-specific policies using Policy Templating
- Creates JWT role
- Initializes user-specific credentials (alice: Jira, Github, PostgreSQL / bob: Github, PostgreSQL)
The init-vault.sh script automatically creates credentials:
- alice: All credentials created (Jira, Github, PostgreSQL)
- bob: Only Github and PostgreSQL credentials created (no Jira - for demo purposes)
To verify credentials:
# Check Alice's credentials
docker exec -e VAULT_TOKEN=root-token vault vault kv get secret/users/alice/jira
docker exec -e VAULT_TOKEN=root-token vault vault kv get secret/users/alice/github
docker exec -e VAULT_TOKEN=root-token vault vault read database/roles/alice
# Check Bob's credentials
docker exec -e VAULT_TOKEN=root-token vault vault kv get secret/users/bob/github
docker exec -e VAULT_TOKEN=root-token vault vault read database/roles/bob
Open http://localhost:8501 in your browser
Login Information:
- Username: alice / Password: alice123
- Username: bob / Password: bob123
- Login: Authenticate with Keycloak
- Select MCP Server: Select one or more MCP servers (multiple selection via checkboxes)
  - Jira: Manage Jira issues and projects
  - Github: Manage GitHub repositories and issues
  - PostgreSQL: Query and manage PostgreSQL database
- Click "Load Tools":
  - Load available tool list
  - Authentication Flow Trace automatically displayed
- Select and Execute Tools: Select desired tool, enter parameters, and execute
The following information is automatically displayed when clicking "Load Tools":
- Step 1-2: User login and JWT issuance information
- Step 3: MCP server request status
- Step 4-5: Vault authentication and Entity information
- Step 6: Credential status for each MCP server
- User Information: User ID (JWT's sub), Username, Email
- Vault Path: Vault path where current user's credentials are stored
- Credentials (Masked): Masked credentials (partial display for security)
- Credential Existence: Check if credentials exist for each MCP server
This allows you to verify that each user only retrieves their own credentials.
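The per-user isolation comes from the templated policy that init-vault.sh creates. The sketch below is an added example, not code from this project: it models how one templated rule resolves per user, and why the `/` before the trailing glob matters. The template text, the `ACCESSOR` placeholder, the KV v2 `secret/data/...` API path, the user `bobby`, and denying on an unresolved template are all assumptions of the example.

```python
import re

# Assumed rule in the style of a Vault templated policy. ACCESSOR is a
# placeholder for the JWT auth mount accessor (see `vault auth list`).
TEMPLATE = "secret/data/users/{{identity.entity.aliases.ACCESSOR.name}}/*"
# Same rule without the "/" before the glob: matches by username prefix.
LOOSE_TEMPLATE = "secret/data/users/{{identity.entity.aliases.ACCESSOR.name}}*"

PLACEHOLDER = re.compile(r"\{\{identity\.entity\.aliases\.([^.}]+)\.name\}\}")

# Constructed entities: mount accessor -> alias name (the username).
ALICE = {"ACCESSOR": "alice"}
BOB = {"ACCESSOR": "bob"}


def render(template, alias_names):
    """Resolve the template for one entity; None if an alias is missing."""
    missing = [a for a in PLACEHOLDER.findall(template) if a not in alias_names]
    if missing:
        return None  # this model treats an unresolved template as no access
    return PLACEHOLDER.sub(lambda m: alias_names[m.group(1)], template)


def matches(rule_path, request_path):
    """Trailing '*' is a prefix glob; anything else must match exactly."""
    if rule_path.endswith("*"):
        return request_path.startswith(rule_path[:-1])
    return request_path == rule_path


def can_read(template, alias_names, request_path):
    """True if the rendered rule covers the requested KV path."""
    rule = render(template, alias_names)
    return rule is not None and matches(rule, request_path)


if __name__ == "__main__":
    checks = [
        ("alice -> own jira", TEMPLATE, ALICE, "secret/data/users/alice/jira"),
        ("alice -> bob github", TEMPLATE, ALICE, "secret/data/users/bob/github"),
        ("bob -> bobby (strict)", TEMPLATE, BOB, "secret/data/users/bobby/github"),
        ("bob -> bobby (loose)", LOOSE_TEMPLATE, BOB, "secret/data/users/bobby/github"),
    ]
    for label, tpl, entity, path in checks:
        print(f"{label:24} {'ALLOW' if can_read(tpl, entity, path) else 'DENY'}")
```

Compare the rule printed by `vault policy read user-secrets` against the strict form: a rule that ends in the username followed directly by `*` would also cover any other user whose name starts with the same characters.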
# All service status
docker-compose ps
# Specific service logs
docker-compose logs -f streamlit-client
docker-compose logs -f jira-mcp-server
docker-compose logs -f vault
docker-compose logs keycloak
docker-compose restart keycloak
docker exec -e VAULT_TOKEN=root-token vault vault status
docker-compose logs vault
docker-compose logs jira-mcp-server
docker-compose logs github-mcp-server
docker-compose logs postgresql-mcp-server
# Check Vault policy
docker exec -e VAULT_TOKEN=root-token vault vault policy read user-secrets
# Check Vault logs
docker-compose logs vault