diff --git a/docs/Configuring.md b/docs/Configuring.md
index 8480a12bec..ebdc752efc 100644
--- a/docs/Configuring.md
+++ b/docs/Configuring.md
@@ -317,7 +317,7 @@ server:
   auth:
     enabled: true
     enforceDPoP: false
-    public_client_id: 'opentdf-public' # DEPRECATED
+    # public_client_id: 'opentdf-public' # DEPRECATED
     audience: 'http://localhost:8080'
     issuer: http://keycloak:8888/auth/realms/opentdf
     policy:
diff --git a/service/cmd/keycloak_data.yaml b/service/cmd/keycloak_data.yaml
index 57ef4698ee..0040026809 100644
--- a/service/cmd/keycloak_data.yaml
+++ b/service/cmd/keycloak_data.yaml
@@ -71,6 +71,16 @@ realms:
           secret: secret
           protocolMappers:
             - *customAudMapper
+      - client:
+          clientID: cli-client
+          enabled: true
+          name: cli-client
+          serviceAccountsEnabled: false
+          publicClient: true
+          redirectUris:
+            - 'http://localhost:*'
+          protocolMappers:
+            - *customAudMapper
       - client:
           clientID: opentdf-public
           enabled: true