Keycloak 17 - encrypt traffic to database

Hi keycloak-users out there :slight_smile:

I have been dealing with keycloak in version 15 and got it up running with a cluster.
In this setup a secured database connection to a mariadb is configured.

Now, with keycloak 17 I want to switch to Quarkus. I cant find any options in the documentation Keycloak - Server - Configuring the database to enable the encryption of the traffic to the database.

Is there any further documentation that would close my knowledge gab :smiley: ?

Thanks in advanced

Since db-url expects a jdbc url you should be able to just use the according jdbc parameters, e.g., jdbc:mariadb://

Thx @ThoreKr for your reply.

Yeah, I did it that way in keycloak 15. I found some examples in the www, leading me to the correct syntax. So I inserted this connection string in the standalone-ha.xml. So I got a working mariadb cluster and the connection to keycloak 15 is encrypted.

But in keycloak 17 this file is gone. I only got this three files in the conf folder

keycloak-17.0.0/conf# ls -lah
total 20K
drwxr-xr-x 2 root    root 4,0K Feb 18 12:03 .
drwxr-xr-x 7 root    root 4,0K Feb 18 10:57 ..
-rw-rw-r-- 1 keycloak 1000 3,5K Feb 11 20:10 cache-ispn.xml
-rw-rw-r-- 1 keycloak 1000 1,1K Feb 11 07:00 keycloak.conf
-rw-rw-r-- 1 keycloak 1000  204 Feb 11 07:00
keycloak-17.0.0/conf# more 
Configure the server

Files in this directory are used to configure the server. Please consult the [configuration guides]( for more information.

So here I am, and I read Keycloak - Guides, but I still dont know, where to put this string. Feels, like I just read 50% of what I need to know. Due to the fact that keycloak 17 has a new config scheme, I cant even use google to search for infos. The web is full with deprecated stuff.
Even my keycloak pdf, I bought to get more insights is now deprecated.

Do you have any advice/hint, how to start in keycloak 17. Please dont forget, that I just use keycloak 15 for about 2 month. All I need is a good and solid documentation, cause some questions will rise up after database configuration (e.g. clustering in non multicast network, etc.)

Thanks in advanced

Managing config options in with quarkus basically gives you three options;

  • Startup Parameter
  • Environment Variables
  • Config File

(I think in that priority, the first two might be swapped)

How to set it as startup parameter is shown in the guide you linked: Keycloak - Server - Configuring the database

Alternatively the sample keycloak.conf has these config keys already included (though commented out), you can just set them there.

All config properties can be set using these three ways Keycloak - Server - All configuration also lists the corresponding environment variables. Be aware of the differentiation between build and runtime options (shown in the last column). In case of the database this only affects the db config key.

Edit: Keycloak - Server - Configuring Keycloak the priority of the config sources seems correct.

1 Like