kcadm.sh
Manage Keycloak server via command line
TLDR
Start an authenticated session
Create a user
List all realms
Update a realm with JSON config
SYNOPSIS
kcadm.sh [global options]
PARAMETERS
--server
Specifies the Keycloak server URL.
--realm
Specifies the target Keycloak realm.
--user
Specifies the username for authentication.
--password
Specifies the password for authentication.
--client
Specifies the client ID for authentication.
--client-secret
Specifies the client secret for authentication.
create
Creates a new Keycloak resource (e.g., realm, user, client).
update
Updates an existing Keycloak resource specified by its ID.
delete
Deletes a Keycloak resource.
get
Retrieves details of a Keycloak resource.
search
Searches for Keycloak resources based on specified criteria.
--fields
Specifies the fields to retrieve in search or get operations.
-h, --help
Displays help information.
-v, --version
Displays the version of the kcadm.sh script.
DESCRIPTION
The `kcadm.sh` script is the command-line interface (CLI) for managing Keycloak, an open-source identity and access management solution. It provides a convenient way to interact with the Keycloak server, allowing administrators to perform various tasks such as creating and managing realms, users, clients, roles, and other Keycloak entities.
The script interacts with the Keycloak Admin REST API, abstracting away the complexities of making direct API calls. It supports various authentication methods to connect to the Keycloak server. It is particularly useful for automating Keycloak administration tasks, scripting deployments, and performing bulk operations. It provides a single access point for all administration operations.
It simplifies common tasks that would otherwise require calling the Keycloak REST API directly or working through the Keycloak Admin Console (web UI). Therefore, it is a valuable tool for administrators and developers working with Keycloak.
CAVEATS
Authentication credentials (username/password or client ID/secret) should be handled securely. Avoid storing them directly in scripts. Consider using environment variables or configuration files for better security.
AUTHENTICATION
The script supports multiple authentication mechanisms, including username/password, client credentials, and bearer tokens. Choose the authentication method that best suits your environment and security requirements.
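An added example, not part of the kcadm.sh documentation, that applies the advice under CAVEATS: the password is read from the environment instead of being written into the script, and the session tokens are kept in a private config file. The names KC_SERVER, KC_REALM, KC_ADMIN_USER, KC_ADMIN_PASSWORD, KC_CONFIG and KCADM are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not from the kcadm.sh documentation.
# Assumed names: KC_SERVER, KC_REALM, KC_ADMIN_USER, KC_ADMIN_PASSWORD,
# KC_CONFIG and KCADM (path to kcadm.sh) are chosen for this example.
KCADM="${KCADM:-kcadm.sh}"

# kc_login: authenticate once and print the path of a private config file.
# Returns 2 if a variable is missing, 3 if the server URL is rejected.
kc_login() {
    for _name in KC_SERVER KC_REALM KC_ADMIN_USER KC_ADMIN_PASSWORD; do
        eval "_val=\${$_name:-}"
        if [ -z "$_val" ]; then
            echo "kc_login: $_name is not set" >&2
            return 2
        fi
    done
    unset _val
    # Plain HTTP is accepted only for a local development server.
    case "$KC_SERVER" in
        https://*|http://localhost:*|http://127.0.0.1:*) ;;
        *) echo "kc_login: refusing non-TLS server URL" >&2; return 3 ;;
    esac
    # mktemp -d creates the directory with mode 0700, so the tokens that
    # kcadm.sh caches in the config file are readable by this user only.
    _dir=$(mktemp -d "${TMPDIR:-/tmp}/kcadm.XXXXXX") || return 1
    # The password is an argument of this one call only; later commands
    # reuse the cached session instead of repeating the credentials.
    if ! "$KCADM" config credentials --config "$_dir/kcadm.config" \
            --server "$KC_SERVER" --realm "$KC_REALM" \
            --user "$KC_ADMIN_USER" --password "$KC_ADMIN_PASSWORD" >&2; then
        rm -rf "$_dir"
        return 1
    fi
    printf '%s\n' "$_dir/kcadm.config"
}

# kc: run any kcadm.sh command against the session created by kc_login.
kc() {
    "$KCADM" "$@" --config "$KC_CONFIG"
}

# Usage:
#   KC_CONFIG=$(kc_login) || exit 1
#   trap 'rm -rf "$(dirname "$KC_CONFIG")"' EXIT   # drop cached tokens
#   kc create users -r MyRealm -s username=testuser -s enabled=true
```

On a shared host the password is still visible in the process list while the single `config credentials` call runs.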
SCRIPTING EXAMPLES
Example: Creating a realm:
kcadm.sh create realms -s realm=MyRealm -s enabled=true --no-config --server http://localhost:8080/auth --realm master --user admin --password admin
Example: Creating a user:
kcadm.sh create users -r MyRealm -s username=testuser -s enabled=true --no-config --server http://localhost:8080/auth --realm master --user admin --password admin
HISTORY
The `kcadm.sh` script was developed as part of the Keycloak project to provide a command-line interface for managing Keycloak instances. It evolved alongside Keycloak, with new features and commands added as the Keycloak Admin REST API grew. It is used primarily for automation and scripted deployments of Keycloak.
SEE ALSO
curl(1)