From 590d8e4e037e9bae490a06a894df67a7d829127f Mon Sep 17 00:00:00 2001
From: Paul Wright <5154224+pwright@users.noreply.github.com>
Date: Wed, 20 Nov 2024 00:20:09 +0000
Subject: [PATCH] update env var docs for keycloak (#5551)

---
 .../ref-registry-security-configuration.adoc     | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc b/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc
index 704b7e769d..da35d2da5e 100644
--- a/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc
+++ b/docs/modules/ROOT/partials/getting-started/ref-registry-security-configuration.adoc
@@ -52,6 +52,22 @@ You can set the following environment variables to configure authentication for
 |The client ID for the {registry} web console.
 |String
 |`apicurio-registry`
+
+|`QUARKUS_OIDC_TLS_TRUST_STORE_FILE`
+| Specifies the file path to the TLS trust store used by Quarkus for securing OpenID Connect (OIDC) communications. The trust store can be populated with the trusted certificates needed to establish secure TLS connections with the OIDC provider.
+|String
+|- 
+
+|`QUARKUS_OIDC_TLS_TRUST_STORE_PASSWORD`
+|The password required to access the TLS trust store file. 
+|String
+|-
+
+|`ROLE_BASED_AUTHZ_ENABLED`
+|Enables or disables role-based authorization.
+|Boolean
+|False
+
 |===
 
 [discrete]