I’d like to try and export my realm configurations and the documentation says that in order to do so I must stop the server. I am running keycloak in Docker with the latest quay image, but when I exec into the container and run --help
, there is no indication on how to stop keycloak server, and I haven’t found an answer elsewhere. What am I overlooking?
See this thread: Keycloak 17 docker container : How to export/import realm? (import must be done on container startup) - #21 by weltonrodrigo
The basic idea is that you’ll run the container with another command, not the default.
Thank you for linking the thread. There is a post in there explaining that there is an option for Action → Partial import/Partial export in the top right of Realm Settings, which I had missed until now.
This exports a lot of configurations, so now I am wondering a few more things. Is there a particular reason for why this isn’t in the documentation page on importing/exporting? For example is this somehow a different procedure? With the admin GUI there is no option to export users, whereas the commands in the docs indicate that this is possible with the CLI commands.
Also, in the case that I did create the custom image to run the container with another command as suggested, that seems only to be about importing configurations. So am I right in thinking that I should be exporting my configs manually but importing automatically on every container startup?
It depends on what you are trying to do.
If you just need to export the realm (with users) to take it to another keycloak deployment (or for some sort of backup), you only need to import them once, a the import consists in inserting the realm and the users in the database.
If you are trying to create some sort of immutable deployment of keycloak (with a fixed realm and users), with no external database, then you can do the import at docker build time once and then use the container normally.
What are you trying to do?
At the moment I have a docker setup that is quite minimal, and I have been learning the basics of how keycloak works in general. But if I were to take this further I am assuming backups will become important so I started looking into this. At the moment I am just trying to understand what approach I should take for dealing with backups if I run keycloak in production.
I guess I don’t need to export my users since I’ll be using a database, but in the case of the realm export/import, the other thread suggests that we need to run the import on the container startup (with the custom entrypoint). I’m not attempting (intentionally!) to do anything out of the ordinary, in fact I am just trying to understand what a common approach might be to backing up these settings (e.g. is it safe to store the export in vc?) and using this with kubernetes.
In that case, just backup the database.