Define custom 2fa secret

We are trying to integrate our application with keycloak. Some of our users are already using 2fa in our system, so the 2fa secrets are stored in our DB. My question is about if there’s any way to migrate these 2fa secrets along with users to keycloak?

In the Server Developer Guide, there is an example of how to build a “secret question” Authenticator, which will extend the login process and add a credential type. It is very similar to your need. You could probably modify the extension to do what you need, and then import your “2fa secrets” directly to the credential table in the db.

https://www.keycloak.org/docs/latest/server_development/#_auth_spi_walkthrough