For securing a frontend application, I created a new Keycloak client with a custom configuration:
- mapper which includes “client roles”
- scope configuration
- client-specific roles (composite and non-composite roles)
This setup works fine in the local development setup. Now we need to transfer this configuration to the other environments like develop/preproduction/production stage.
As far as I understand, Keycloak offers the following exports:
- Complete realm
- Specific client
It looks as if both apporaches have some major drawbacks. Either I would need to overwrite the complete realm (which I definitely don’t want to do in production) or I can import the basic client configuration which is missing all the roles.
And as soon as we, for example, add more roles later on, then we would need to re-configure all stages manually.
Is there some “good practice” how to deal with that? Does keycloak offer some kind of “sync” between stages?