This pull request introduces support for securely managing default passwords for different Keycloak user roles (platform admin, content manager, and organization manager) using environment variables and secrets. The changes ensure that sensitive credentials are not hardcoded and can be easily configured for different environments (development and production). Updates span workflow configuration, application settings, Docker Compose files, and Keycloak import templates.

Keycloak password management and configuration:

• Added new environment variables and secrets for PLATFORM_ADMIN_PASSWORD, CONTENT_MANAGER_PASSWORD, and ORG_MANAGER_TEMP_PASSWORD to .github/workflows/cd.yml, including their usage in workflow steps to improve security and configurability. [1] [2]
• Updated example environment files (.env.dev.example and .env.prod.example) to include placeholders for the new password variables, making it clear how to configure them in different environments. [1] [2]
• Modified Docker Compose files (docker-compose.dev.yml and docker-compose.yml) to pass the new password environment variables to the Keycloak and API services, ensuring the services receive the correct credentials at runtime. [1] [2] [3] [4]

Application and template updates:

• Extended the application settings (settings.py) and service initialization (base_handler.py, realm_handler.py) to support ORG_MANAGER_TEMP_PASSWORD and ensure it is used when creating new Keycloak realms. [1] [2] [3]
• Updated Keycloak import and realm templates to use the new environment variables for setting initial user passwords instead of hardcoded values, improving security and maintainability. [1] [2] [3]

Other minor changes:

• Corrected the path for the Garage service configuration file in docker-compose.dev.yml.