Introduction

In the previous post we showed how to setup a Keycloak server for your application. The process can be cumbersome to repeat for all other environments, so the straight forward way would be to reuse that same settings elsewhere.

Keycloak export Realm

Once you are completed and satisfied with the realm setup, you can do following steps to export the Keycloak settings. In our case we’ll demonstrate working with Keycloak container in Docker Desktop.

For starters, access your server or Docker container via terminal.

Position to the following directory that is default for Keycloak server:

cd opt/keycloak

To export specific realm settings use the following command with specified destination path and your realm name. Notice that we skip the exporting of user accounts in this case, otherwise we could omit that option if we want to migrate existing user accounts as well.

bin/kc.sh export --dir temp/exports/cleverheap --realm cleverheap --users skip

For migrating a large amount of user accounts, you might want to use a batch export via several files (for more details see Keycloak guidelines):

bin/kc.sh export --dir temp/exports/cleverheap --users different_files --users-per-file 100

Once the export is complete, switch to Files tab of your container to copy the exported content to your local directory:

Keycloak import Realm

Now that we have exported resources, we can reuse them to setup every container instance for other environments. With Docker, we can achieve it by mounting volumes to our Keycloak container. This way, everytime a fresh Keycloak container is started, it will use the same Keycloak realm setup.

Copy the exported content of cleverheap directory to the .keycloak/imports directory where your docker-compose.yaml resides. This directory path will be linked to a mounted volume.

In docker-compose.yaml file you can notice that the default location for Keycloak import resources is opt/keycloak/data/import so the volume is mounted to that path:

services:
  database:
    image: postgres
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: admin
    volumes:
      - postgres:/data/postgres
    ports:
      - "5432:5432"
    networks:
      - cleverheap-network
    restart: unless-stopped

  keycloak:
    image: quay.io/keycloak/keycloak:26.1.4
    command: start --import-realm
    environment:
      KC_HOSTNAME: localhost
      KC_HOSTNAME_PORT: 8888
      KC_HOSTNAME_STRICT_BACKCHANNEL: false
      KC_HTTP_ENABLED: true
      KC_HOSTNAME_STRICT_HTTPS: false
      KC_HEALTH_ENABLED: true
      KC_BOOTSTRAP_ADMIN_USERNAME: admin
      KC_BOOTSTRAP_ADMIN_PASSWORD: admin
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://database/keycloak
      KC_DB_USERNAME: postgres
      KC_DB_PASSWORD: admin
    volumes:
      - ./.keycloak/imports:/opt/keycloak/data/import
    ports:
      - 8888:8080
    restart: always
    depends_on:
      - database
    networks:
      - cleverheap-network

networks:
  cleverheap-network:
    driver: bridge

volumes:
  postgres:

Of course, there are other options to perform import of settings to a Keycloak server, such as the following command:

bin/kc.sh import --file .keycloak/imports/cleverheap-realm.json

Conclusion

In this post we showed how to export Keycloak realm settings from the local container and how we can reuse it in other environments for Keycloak setup. We also encourage you to check on the official guides for more information on Keycloak exporting and importing of realm configurations.

References

• Keycloak Guid: Import and Export Realms