kcadm.sh

Start an authenticated session

$ kcadm.sh config credentials --server [host] --realm [realm_name] --user [username] --password [password]

$ kcadm.sh create users -s username=[username] -r [realm_name]

$ kcadm.sh get realms

$ kcadm.sh update realms/[realm_name] -f [path/to/file.json]

kcadm.sh [global options] [command options]

--server
    Specifies the Keycloak server URL.

--realm
    Specifies the target Keycloak realm.

--user
    Specifies the username for authentication.

--password
    Specifies the password for authentication.

--client
    Specifies the client ID for authentication.

--client-secret
    Specifies the client secret for authentication.

create
    Creates a new Keycloak resource (e.g., realm, user, client).

update /
    Updates an existing Keycloak resource specified by its ID.

delete /
    Deletes a Keycloak resource.

get /
    Retrieves details of a Keycloak resource.

search
    Searches for Keycloak resources based on specified criteria.

--fields
    Specifies the fields to retrieve in search or get operations.

-h, --help
    Displays help information.

-v, --version
    Displays the version of the kcadm.sh script.

The `kcadm.sh` script is the command-line interface (CLI) for managing Keycloak, an open-source identity and access management solution. It provides a convenient way to interact with the Keycloak server, allowing administrators to perform various tasks such as creating and managing realms, users, clients, roles, and other Keycloak entities.

The script interacts with the Keycloak Admin REST API, abstracting away the complexities of making direct API calls. It supports various authentication methods to connect to the Keycloak server. It is particularly useful for automating Keycloak administration tasks, scripting deployments, and performing bulk operations. It provides a single access point for all administration operations.

It simplifies common tasks that would otherwise require direct interaction with the Keycloak REST API or using the Keycloak Admin Console (web UI). Therefore, it is a valuable tool for administrators and developers working with Keycloak.

Authentication credentials (username/password or client ID/secret) should be handled securely. Avoid storing them directly in scripts. Consider using environment variables or configuration files for better security.

The script supports multiple authentication mechanisms, including username/password, client credentials, and bearer tokens. Choose the authentication method that best suits your environment and security requirements.

Example: Creating a realm:
kcadm.sh create realms -s realm=MyRealm -s enabled=true --server http://localhost:8080/auth -u admin -p admin
Example: Creating a user:
kcadm.sh create users -r MyRealm -s username=testuser -s enabled=true --server http://localhost:8080/auth -u admin -p admin

The `kcadm.sh` script was developed as part of the Keycloak project to provide a command-line interface for managing Keycloak instances. It evolved alongside Keycloak, with new features and commands added to support the evolving Keycloak Admin REST API. The usage is primarily for automation and scripted deployments of Keycloak.

curl(1)