keycloak-config-cli is a Keycloak utility to ensure the desired configuration state for a realm based on a JSON file. The format of the JSON file based on the export realm format. Store and handle the configuration files inside git just like normal code. A Keycloak restart isn't required to apply the configuration.
The config files are based on the keycloak export files. You can use them to re-import your settings. But keep your files as small as possible. Remove all UUIDs and all stuff which is default set by keycloak.
moped.json is a full working example file you can consider. Other examples are located in the test resources.
See: docs/FEATURES.md
| keycloak-config-cli | Keycloak 4.x - Keycloak 7.x | Keycloak 8.x - 10.x |
|---|---|---|
| v0.8.x | ✓ | ✗ |
| v1.0.x - v2.0.x | ✗ | ✓ |
| master | ✗ | ✓ |
✓Supported✗Not supported
$ mvn packageWe are using TestContainers in our integration tests. To run the integration tests a configured docker environment is required.
$ mvn verifyStart a local keycloak on port 8080:
$ docker-compose down --remove-orphans && docker-compose up keycloakbefore performing following command:
$ java -jar ./target/config-cli.jar \
--keycloak.url=http://localhost:8080 \
--keycloak.ssl-verify=true \
--keycloak.user=admin \
--keycloak.password=admin123 \
--import.path=./contrib/example-config/moped.json$ docker run \
-e KEYCLOAK_URL=http://<your keycloak host>:8080 \
-e KEYCLOAK_USER=<keycloak admin username> \
-e KEYCLOAK_PASSWORD=<keycloak admin password> \
-e WAIT_TIME_IN_SECONDS=120 \
-e IMPORT_PATH=/config \
-e IMPORT_FORCE=false \
-v <your config path>:/config \
adorsys/keycloak-config-cli:latest| Variable | Description | Default |
|---|---|---|
| WAIT_TIME_IN_SECONDS | Timeout in seconds for waiting keycloak until reachable | 120 |
| KEYCLOAK_URL | Keycloak Url without /auth |
- |
| KEYCLOAK_USER | login user name | admin |
| KEYCLOAK_PASSWORD | login user name | - |
| KEYCLOAK_CLIENTID | login clientId | admin-cli |
| KEYCLOAK_LOGINREALM | login realm | master |
| KEYCLOAK_SSLVERIFY | Verify ssl connection to keycloak | true |
| IMPORT_PATH | Location of config files | /config |
| IMPORT_FORCE | Enable force import of realm config | false |
| IMPORT_CACHEKEY | Cache key for importing config. | default |
| IMPORT_STATE | Enable state management. Purge only resources managed by kecloak-config-cli. | true |
keycloak-config-cli provides experimental native builds based on GraalVM native image.
Benefits:
- No java required
- smaller footprint (less cpu, less memory, less image size)
- Speed. Running sample config in 5 seconds. (8 seconds on normal builds)
Limitations:
- YAML based properties not supported. Use environment variable, command line parameters or old style properties.
- Some dynamic jvm features needs to be define manually in graalvm. The list isn't complete which can be result in an unexpected behavior.
It might be not production ready yet.
mvn -Dresume=false -DdryRun=true release:prepare
mvn -Dresume=false release:prepare
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}
