Did you ever think about more advanced startup configuration in KeyCloak?
I’m working with KeyCloak on AWS. We are trying to have every configuration stored in git for easy audit, change accepting etc.
I know KeyCloak has https://www.keycloak.org/docs/latest/server_admin/#_export_import
API import/export seems to be nice, but usage is a little too complicated. I need to create a client, establish API connection, manage passwords, access etc.
A lot of work for simple passing configuration file(s).
Command-line import/export lacks of partial import (I don’t want to remove realm and have small downtime, lost users).
BTW I’m using docker (ECS), so using command line import/export is complicated. Yet it would be great to somehow pass configuration in a similar way as enviroment variable.
Did someone think about it? Maybe someone has an idea of how this could be resolved in the future? Maybe by some extension?
1 Like
API import/export seems to be nice, but usage is a little too complicated.
It took me a while to sort things out, however, its working for me now.
Export
To export your database into a single JSON file:
docker exec -it keycloak /opt/jboss/keycloak/bin/standalone.sh \
-Djboss.socket.binding.port-offset=100 \
-Dkeycloak.migration.action=export \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.file=/serendipity/keycloak-export.json
Import from the Command Line
Start with a blank canvas:
docker container stop keycloak
docker container rm keycloak
docker run -d --name keycloak \
-p 10001:8080 \
-v ~/workspace/Robinyo/serendipity:/serendipity \
-e KEYCLOAK_USER=admin \
-e KEYCLOAK_PASSWORD=secret \
jboss/keycloak
To import from a (previously exported) file into your database:
docker exec -it keycloak /opt/jboss/keycloak/bin/standalone.sh \
-Djboss.socket.binding.port-offset=100 \
-Dkeycloak.migration.action=import \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.file=/serendipity/keycloak-export.json
When the import is complete use Ctrl-C to exit the session.
Ref: