I have a client who’s pushing back on my recommendation to let Keycloak have its own dedicated database. They’d rather use a single shared database for both Keycloak and their LOB application(s). I think they’re just feeling very resource constrained, on both hardware and humans, and so adding in a whole other database feels like a huge undertaking for them, enough to trump my “in my professional opinion” and “best practices” counsel. Which is fair enough.
I’ve done a bit of Googling, but I’ve not come up with a nice, easy-to-read recommendation for a separate database for Keycloak, or for any auth system in general. So I though I’d check if folks here could point me at anything.