We running old version of keycloak (version: 6.x.x) and now setup a new infrastructure using latest keycloak (18.0.1). We want to migrate all the data in legacy infrastructure to the new infrastructure.
I have tested and found that it is possible migrate clients with existing secrets using APIs. However, is there any way to migrate the users with existing passwords to the new infrastructure.
Please share your thoughts.
There is probably a better way, but what about step by step (minor versions) upgrade from 6.x.x to 18.0.1?
Every minor upgrade will migrate the database, but I never tried from anything lesser than 15.
Thanks for the suggestion. However our old infrastructure is on VMs and database as Microsoft SQL server. There is limited scalability and visibility in the old infra. But new infrastructure is based on kubernetes and database is Postgres. We want to use the new infra going forward and do not want to go on with the SQL server db. Hence the requirement to migrate the data to the new infrastructure.
That being the case, I’d suggest a migration strategy where you create a custom authenticator on the old keycloak, receive the username and password, pass those credentials to a backend service which will recreate the user using the REST api.
When enough users complete the migration you can then switch clients to the new keycloak.
Thanks @weltonrodrigo. Is it possible to migrate users without password and obtain the password from old system at the time of user login?
Why so complicated? Why not just exporting them in the old version and importing them in the new environment?
Export docs for the oldest version I‘ve found: Server Administration Guide (it‘s version 9.x, but this shouldn‘t matter, export hopefully worked the same since the the beginning of Keycloak, AFAIR)
Import docs for the most recent version, based on Quarkus: Importing and Exporting Realms - Keycloak
Thanks @dasniko , I will explore this option.
I was able use this feature. It is very useful for migration. Thanks @dasniko