Keycloak Config CLI
keycloak-config-cli is a Keycloak utility to ensure the desired configuration state for a realm based on a JSON/YAML file. The format of the JSON/YAML file is based on the export realm format. Store and handle the configuration files inside git just like normal code. A Keycloak restart isn't required to apply the configuration.
Key Features
- Declarative Configuration: Define your Keycloak realm configuration in JSON/YAML files
- GitOps Ready: Store configuration files in git for version control and CI/CD
- No Downtime: Apply configuration changes without restarting Keycloak
- Variable Substitution: Support for environment variables and dynamic configuration
- Import Methods: Multiple ways to import and apply configurations
- Docker & Helm Ready: Container-friendly deployment options
Quick Overview
The config files are based on the Keycloak export files. You can use them to re-import your settings. Keep your files as small as possible by removing all UUIDs and default settings set by Keycloak.
Check out our example configuration for a complete working example. More examples are available in our test resources.
Variable Substitution
keycloak-config-cli supports variable substitution of config files. This can be enabled by import.var-substitution.enabled=true (disabled by default).
Variables exposed by Spring Boot (through configtree or external configuration) can be accessed by $(property.name).
:::note
For advanced variable substitution including JavaScript support, see our Variable Substitution guide.
:::
Next Steps
- Installation - Get started with installing keycloak-config-cli
- Quick Start - Set up your first configuration
- Configuration - Learn about configuration options
- Docker & Helm - Deploy using containers