adorsys keycloak-config-cli

Configuration Management for Keycloak

Our open source developer tool keycloak-config-cli is a keycloak utility for securing a desired configuration state for a realm based on a JSON file. It allows complete automation of a Keycloak realm via a configuration file.

The challenge

The Java-based open source identity and access management solution Keycloak provides high system security and social logins for modern applications and services.

Unlike a web server, Keycloak does not contain a configuration file; all configurations of a realm are stored in the database. Therefore, changes to Keycloak must always be made manually via the web UI. This is error-prone and often a no-go in a fully automated environment.

The solution

Our open source developer tool keycloak-config-cli is a keycloak utility for securing a desired configuration state for a realm based on a JSON file. It allows complete automation of a Keycloak realm via a configuration file.

While Keycloak only supports this during the realm creation phase, our keycloak-config-cli can also be used to conveniently manage and configure existing realms. Manual configuration via a WebUI is no longer necessary.

Especially in agile software development the strength of the configuration as code approach of our keycloak-config-cli comes into play: Multiple steps are provided and fully automated or scripted. Subsequent configuration changes are also automatically imported into the environments in the same way as the initial setup.

The format of the JSON file is based on the export realm format. The configuration files can be stored and edited in git just like normal code. There’s no need to restart Keycloak to apply the configuration.

The benefits

  • No more manual configuration in the Keycloak Web UI
  • Configuration as part of the application code
  • Automated rollouts / configuration updates
  • Faster configuration and less downtime