Why does Keycloak use UUIDs as primary keys?

Hi Everyone,

Can someone please explain why Keycloak uses UUIDs (36 bytes) as primary keys for its tables? Wouldn’t there be performance issues?

Random post about UUID: MySQL UUID Smackdown: UUID vs. INT for Primary Key

I would say the key feature for security-sensitive software (e.g. Keycloak) is:

UUID values do not expose the information about your data so they are safer to use in a URL. For example, if a customer with id 10 accesses his account via http://www.example.com/customers/10/ URL, it is easy to guess that there is a customer 11, 12, etc., and this could be a target for an attack.

@jangaraj thanks for the response. That makes sense, but why not UUID in binary format? Since these primary keys will also be added as clustered indexes, they will be copied into all the secondary indexes, which will eat up a lot of space. Also, the join operations would be slower?

I don’t know. I guess each DB type has its own better approach for how to save UUIDs, so it’s easy to write a generic approach, which works everywhere.

1 Like
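
The storage question raised in the thread (a 36-character UUID string versus a 16-byte binary value as a clustered primary key that every secondary index copies) can be measured directly. This is an added example, not part of the original thread and not Keycloak's schema; it assumes SQLite `WITHOUT ROWID` tables as a stand-in for a clustered-index engine, and the table `account`, the column `realm` and the index name are hypothetical.

```python
import sqlite3
import uuid


def build_db(binary: bool, rows: int = 20000) -> sqlite3.Connection:
    """Fill a table whose UUID primary key is stored as 16 raw bytes or as 36-char text."""
    db = sqlite3.connect(":memory:")
    col_type = "BLOB" if binary else "TEXT"
    # WITHOUT ROWID clusters the table on the primary key, so the secondary
    # index below carries a copy of the key in every entry (assumed stand-in
    # for a clustered-index engine; table and column names are hypothetical).
    db.execute(f"CREATE TABLE account (id {col_type} PRIMARY KEY, realm INTEGER) WITHOUT ROWID")
    db.execute("CREATE INDEX idx_account_realm ON account (realm)")
    keys = (uuid.uuid4() for _ in range(rows))
    db.executemany(
        "INSERT INTO account VALUES (?, ?)",
        ((k.bytes if binary else str(k), n % 10) for n, k in enumerate(keys)),
    )
    db.commit()
    return db


def db_bytes(db: sqlite3.Connection) -> int:
    """Total size of the database (table plus indexes) in bytes."""
    pages = db.execute("PRAGMA page_count").fetchone()[0]
    page_size = db.execute("PRAGMA page_size").fetchone()[0]
    return pages * page_size


def lookup(db: sqlite3.Connection, key: uuid.UUID, binary: bool):
    """Convert at the query boundary: callers always handle uuid.UUID objects."""
    param = key.bytes if binary else str(key)
    return db.execute("SELECT realm FROM account WHERE id = ?", (param,)).fetchone()


def compare(rows: int = 20000) -> dict:
    """Build both variants with the same row count and report their sizes."""
    text_db, bin_db = build_db(False, rows), build_db(True, rows)
    return {"text": db_bytes(text_db), "binary": db_bytes(bin_db)}


if __name__ == "__main__":
    sizes = compare()
    print(sizes, "binary/text = %.2f" % (sizes["binary"] / sizes["text"]))
```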