If you'd like to quickly and easily deploy Keycloak on a hosting provider, complete the steps in Neon Postgres Database Setup below, then click the button above to deploy Keycloak on Koyeb. Make sure that you configure the following values on Koyeb:
KC_DB_URL,KC_DB_PASSWORD,KC_DB_USERNAME- Refer to Neon Postgres Database Setup.KEYCLOAK_ADMIN_PASSWORD- You'll use this to login to the Keycloak console as theadminuser.KC_HOSTNAME- This should be set to the App name at the end of the Koyeb deployment UI.- Ideally, select a depoloyment region close to your Neon database.
Keycloak can be run locally if you have a JDK installed per the Keycloak docs. Alternatively you can use Docker or Podman to run Keycloak in a container. This development guide will use Docker to run Keycloak locally.
- Log in to the Neon console and create a project (or skip to step #2 if using an existing project)
- Go to the Databases UI in your project, and create a new database named
keycloak. - Use the SQL Editor in your project to run the following queries in the
keycloakdatabase:
/* Create a strong password per: https://neon.tech/docs/manage/roles */
CREATE USER keycloak_admin WITH PASSWORD 'r3plac3_th1s';
GRANT ALL ON SCHEMA public TO keycloak_admin;- Return to the Connection Details screen in your Neon project and take note of your database's hostname, since you'll need it soon.
- Clone this repository and
cdinto it. Run all subsequent commands from within the repository. - Create a copy of the
.env.examplefile name.env.cp .env.example .env
- Replace the
KC_DB_PASSWORDwith the password you set when creating thekeycloak_adminuser. - Replace the
hostnameinKC_DB_URLwith your database hostname from the Connection Details in the Neon project dashboard. - Load your environment variables and start keycloak:
source .env docker run --rm --name neon-keycloak \ -p 8080:8080 \ -v $(pwd)/realms:/opt/keycloak/data/import \ -e KC_DB=postgres \ -e KC_DB_URL=$KC_DB_URL \ -e KC_DB_PASSWORD=$KC_DB_PASSWORD \ -e KC_DB_USERNAME=$KC_DB_USERNAME \ -e KEYCLOAK_ADMIN=$KEYCLOAK_ADMIN \ -e KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD \ quay.io/keycloak/keycloak:23.0.1 start-dev --import-realm
Be patient on the first start, since Keycloak has to create over 90 tables in the database and populate them with some data. Subsequent starts will take just a few seconds to become ready.
Keycloak is ready when the following log is printed:
Keycloak 23.0.1 on JVM (powered by Quarkus 3.2.9.Final) started in 175.226s. Listening on: http://0.0.0.0:8080
Note
This log line is from the initial Keycloak startup using an M2 MacBook Pro using Docker. Startup times are measured in seconds afterwards. On Linux machines that don't require virtualisation to run containers the startup is always measured in seconds.
Once you have Keycloak running and connectd to your Neon Postgres database, you can use it to authenticate users of your application.
The prior docker run command mounted the local realms/ folder and set the
--import-realm flag to create a realm and client.
Having a realm and client pre-created means you can test your Keycloak instance using the included next-auth-sample application.
Performing this step is useful to reduce startup times in production. Refer to running Keycloak in a container for comprehensive documentation.
docker build . -t neon-keycloak
# Create a .env file
cp .env.example .env
# Modify the .env file with your desired credentials and Neon database URL
vi .env
docker run --rm --name neon-keycloak \
-p 8080:8080 \
-e KC_DB_URL=$KC_DB_URL \
-e KC_DB_PASSWORD=$KC_DB_PASSWORD \
-e KC_DB_USERNAME=$KC_DB_USERNAME \
-e KEYCLOAK_ADMIN=$KEYCLOAK_ADMIN \
-e KEYCLOAK_ADMIN_PASSWORD=$KEYCLOAK_ADMIN_PASSWORD \
neon-keycloak start --optimized