Configure additional datasource while RUNNING (not building) Docker container

Dear community,

I have created a custom UserStorageProvider that uses a separate database. I followed the qickstart from https://github.com/keycloak/keycloak-quickstarts/tree/latest/extension/user-storage-jpa by adding a custom persistence.xml and specifying the URL, user and password in quarkus.properties.

Now, I want to provide a Docker image of Keycloak with my extension pre-installed. Since the database URL and credentials are dynamic, they should not be included in the Docker image. Instead, I want to specify them while running the container.

For the Keycloak default data source. this can be done by specifying environment variables, as documented in Running Keycloak in a container. Unfortunately, I cannot find an equivalent solution for custom data source properties. There is a similar discussion on GitHub (Define Quarkus Properties from env vars · keycloak/keycloak · Discussion #22798 · GitHub) which does not provide a solution.

Additionally, since I am using an unsupported database (with db-kind=other), I have to specify a driver class. Since quarkus.datasource."datasource-name".jdbc.driver seems to be a build time option, I would like to do this during Docker build time. Is it possible to have some raw Quarkus properties in the Docker image and some others (the URL, user and password, which are not build time properties) to be set at runtime? Configuring Keycloak only speaks of quarkus.properties as a single file.

I would be glad if anyone could point me to a solution.
Best regards, Martin

In one of my projects, I’ve set (or at least overwritten) Quarkus props from environment variables startup.

1 Like

If you are trying to define separate database connection properties, specifically for use in your extension, you can use the spi-* variables as described here Configuring providers - Keycloak and then load them in your provider’s init method from the org.keycloak.Config.Scope

1 Like

Hi @dasniko,

thanks for your suggesstion, that worked. I now set my properties as such:

quarkus.datasource.my-userstore-pg.db-kind=postgresql
quarkus.datasource.my-userstore-pg.jdbc.url=jdbc:postgresql://${MY_PG_HOST}:${MY_PG_PORT:5432}/${MY_PG_DB}
quarkus.datasource.my-userstore-pg.username=${MY_PG_USER}
quarkus.datasource.my-userstore-pg.password=${MY_PG_PASS}

This also allows me to use static values for build time properties like the driver class.

1 Like

Hi @xgp,

I know how I can access the spi-* variables, but I do not understand how I can use these properties to configure a data source. Do you have an example for that?

Hi @martinleim I’m facing the same issue, and I can’t see how the environment variables are a working as a solution. They are still to be known at build time, not at runtime, aren’t they?

Hi @jordibuj ,

They are still to be known at build time, not at runtime, aren’t they?

No, they don’t - the values are applied on runtime. I can change the values without running Keycloak with --build again.