Configuration Management for Keycloak

The challenge

The Java-based Open Source Identity and Access Management solution Keycloak offers high system security and social logins for modern applications and services.

Unlike a web server, Keycloak does not include a configuration file; all configurations of a realm are stored in the database. Hence, changes in the Keycloak must always be made manually via the Web UI. This is error-prone and often a no-go in a fully automated environment.

The solution

Our Open Source developer tool keycloak-config-cli is a Keycloak utility to ensure the desired configuration state for a realm based on a JSON file. It allows complete automation of a keycloak realm via a configuration file.

While Keycloak only supports this during the creating stage of the realm, our keycloak-config-cli can also be used to conveniently manage and configure existing realms. Manual configuration via a WebUI is therefore no longer necessary.

Especially in agile software development, the strength of a Configuration as Code – approach of our keycloak-config-cli comes into play: Multiple stages are provided and fully automated or scripted. Subsequent configuration changes are also automatically imported into the environments in the same way as during the initial setup.

The format of the JSON file is based on the export realm format.  The configuration files can be stored and handled inside git just like normal code. A Keycloak restart isn’t required to apply the configuration.

The benefits

No more manual configuration in the Keycloak Web UI

• Configuration as part of the application code

Automated rollouts / config updates

• Faster configuration and reduced downtime

Are you ready to get started?

Access the Open Source project in GitHub for more information.

For more information, please contact

Andre Achtstaetter adorsys

Andre Achtstaetter