diff --git a/ansible/roles/setup/files/k8s-config/realm.json b/ansible/roles/setup/files/k8s-config/realm.json
deleted file mode 100644
index 67f171ab6f335cc002cf0f1bce932e89a53ff1bb..0000000000000000000000000000000000000000
--- a/ansible/roles/setup/files/k8s-config/realm.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
-    "realm": "OpenAppStack",
-    "enabled": true,
-    "sslRequired": "external",
-    "registrationAllowed": true,
-    "requiredCredentials": [ "password" ],
-    "roles" : {
-        "realm" : [
-            {
-                "name": "user",
-                "description": "User privileges"
-            },
-            {
-                "name": "admin",
-                "description": "Administrator privileges"
-            }
-        ]
-    }
-}
diff --git a/ansible/roles/setup/files/k8s-config/realm.yml b/ansible/roles/setup/files/k8s-config/realm.yml
index 5117171bcaf09f168d28b4fc5cb49b245335b32b..36fb3816339e069b72c5e458535f18bdf9239bfa 100644
--- a/ansible/roles/setup/files/k8s-config/realm.yml
+++ b/ansible/roles/setup/files/k8s-config/realm.yml
@@ -1,7 +1,27 @@
 apiVersion: v1
-data:
-  realm.json: ewogICAgInJlYWxtIjogIk9wZW5BcHBTdGFjayIsCiAgICAiZW5hYmxlZCI6IHRydWUsCiAgICAic3NsUmVxdWlyZWQiOiAiZXh0ZXJuYWwiLAogICAgInJlZ2lzdHJhdGlvbkFsbG93ZWQiOiB0cnVlLAogICAgInJlcXVpcmVkQ3JlZGVudGlhbHMiOiBbICJwYXNzd29yZCIgXSwKICAgICJyb2xlcyIgOiB7CiAgICAgICAgInJlYWxtIiA6IFsKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIm5hbWUiOiAidXNlciIsCiAgICAgICAgICAgICAgICAiZGVzY3JpcHRpb24iOiAiVXNlciBwcml2aWxlZ2VzIgogICAgICAgICAgICB9LAogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAibmFtZSI6ICJhZG1pbiIsCiAgICAgICAgICAgICAgICAiZGVzY3JpcHRpb24iOiAiQWRtaW5pc3RyYXRvciBwcml2aWxlZ2VzIgogICAgICAgICAgICB9CiAgICAgICAgXQogICAgfQp9Cg==
-kind: Secret
+kind: configmap
 metadata:
-  creationTimestamp: null
-  name: realm-secret
+  name: keycloak-realm
+data:
+  realm.json: |-
+    {
+      "realm": "OpenAppStack",
+      "enabled": true,
+      "sslRequired": "external",
+      "registrationAllowed": true,
+      "requiredCredentials": [
+        "password"
+      ],
+      "roles": {
+        "realm": [
+          {
+            "name": "user",
+            "description": "User privileges"
+          },
+          {
+            "name": "admin",
+            "description": "Administrator privileges"
+          }
+        ]
+      }
+    }
diff --git a/ansible/roles/setup/tasks/main.yml b/ansible/roles/setup/tasks/main.yml
index ec602853a9b29e4a35e1ddcbb54f5fa7a6bc8d71..22e7121aa9651275f202d0c996daa932204d8e36 100644
--- a/ansible/roles/setup/tasks/main.yml
+++ b/ansible/roles/setup/tasks/main.yml
@@ -83,14 +83,19 @@
     repo: 'https://code.greenhost.net/openappstack/charts'
     dest: '/oas/source/repos/charts'
 
-- name: Configure Keycloak secret
-  # realm.yml got generated by:
-  # kubectl create secret generic realm-secret --from-file=realm.json --dry-run -o yaml > realm.yml
+- name: Configure Keycloak realm configmap
   k8s:
     state: present
     namespace: default
+    force: True
     definition: "{{ lookup('file', 'k8s-config/realm.yml') }}"
 
+- name: Remove old Keycloak secret
+  k8s:
+    state: absent
+    namespace: default
+    kind: secret
+    name: "realm-secret"
 
 - name: Ensure /oas/config/values/apps directory
   file: