NikiforovAll / keycloak-authorization-services-dotnet

Authentication and Authorization with Keycloak and ASP.NET Core 🔐
https://nikiforovall.github.io/keycloak-authorization-services-dotnet/
MIT License

Pass JSON file to Aspire keycloak container and have it initialise with realm/config on first run #124

Open hades200082 opened 2 weeks ago

hades200082 commented 2 weeks ago

I'm looking to use Keycloak primarily for local development in a team.

I'd like to be able to configure an Aspire project such that when a new developer launches it, not only do they get a Keycloak container, but that instance of Keycloak is pre-configured to the requirements of the project.

This would include:

As a bonus, it should seed some test users so we all get the same users to test with initially.

I'd see this being something like:

var keycloak = builder.AddKeycloakContainer("keycloak")
    .AddRealm("MyRealm")
    .WithImportedConfig("./.keycloak/"); // Path to a folder containing JSON files for keycloak to import

hades200082 commented 2 weeks ago

An alternative would be to allow a bind-mount to be created so that Keycloak's database could be stored within the project and checked into git - though this is less optimal.

NikiforovAll commented 2 weeks ago

Something like this is already supported, please see the example: https://github.com/NikiforovAll/keycloak-authorization-services-dotnet/blob/main/samples/GettingStartedAndAspire/AppHost/Program.cs#L6-L7

Although, I'm not sure if it covers all your needs

hades200082 commented 2 weeks ago

Thanks @NikiforovAll, that helps some.

I can't find where to export users - is there a way of doing this in the admin UI?

Also, the realm export seems to mask the client secrets for clients which means they can't be imported to set up identical again. Is there a way to do a full export of a realm in a way that can be restored?

NikiforovAll commented 2 weeks ago

Sure, please take a look at https://www.keycloak.org/server/importExport

hades200082 commented 2 weeks ago

Again, thanks @NikiforovAll. I note that the instructions state "Your Keycloak server instance must not be started when invoking this command". How do you achieve this when running in Aspire/Docker?

hades200082 commented 1 week ago

@NikiforovAll My use case is that I have a team of developers and I want to be able to have those developers check out the project, run the AppHost and be able to start working on the application without needing to spend time either learning Keycloak's intricacies or requiring every new developer to the team to set it up themselves.

This is super important for the team's ability to work independently (and even offline) in an efficient and productive way.

If I'm not able to export the config from the Docker instance that Aspire spins up, it's pointless the Aspire package having an import option and the whole thing becomes useless to me.
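
The masked client secrets and the plan to keep the realm JSON in the project suggest two checks on an export file before it is shared: which confidential clients would not come back with a usable secret, and which clients and users carry credential material into git. The script below is an added example, not code from this thread or from the project; the sample realm, the `audit_realm_export` name and the `**********` mask value are assumptions.

```python
import json

MASK = "**********"  # assumption: placeholder written where a secret is masked

# Constructed sample shaped like a Keycloak realm export (not from the thread).
SAMPLE_EXPORT = json.dumps({
    "realm": "MyRealm",
    "clients": [
        {"clientId": "web-api", "publicClient": False, "secret": MASK},
        {"clientId": "worker", "publicClient": False, "secret": "dev-only-secret"},
        {"clientId": "spa", "publicClient": True},
    ],
    "users": [
        {"username": "alice",
         "credentials": [{"type": "password", "secretData": "constructed"}]},
        {"username": "bob"},
    ],
})


def audit_realm_export(text):
    """Report what an export can restore and what it exposes if committed."""
    realm = json.loads(text)
    report = {"masked_clients": [], "secret_clients": [],
              "users_with_credentials": []}
    for client in realm.get("clients") or []:
        if client.get("publicClient"):
            continue  # public clients have no secret to restore
        secret = client.get("secret")
        if not secret or set(secret) == {"*"}:
            # Missing or masked: an import will not reproduce the original secret.
            report["masked_clients"].append(client["clientId"])
        else:
            # Real secret present: restorable, but it ends up in version control.
            report["secret_clients"].append(client["clientId"])
    for user in realm.get("users") or []:
        if user.get("credentials"):
            report["users_with_credentials"].append(user["username"])
    return report


if __name__ == "__main__":
    for key, names in audit_realm_export(SAMPLE_EXPORT).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Anything listed under `secret_clients` or `users_with_credentials` should be a development-only value before the file is committed.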