Sign in Subscribe
Concepts

Accessing and Managing the Keycloak Database

Andrios Robert

1 min read

Keycloak stores its data in a relational database. User accounts, credentials, realms, clients, roles, and sessions all live there. By default, deployments use PostgreSQL or MariaDB, but Keycloak supports other JDBC-compliant databases. Choosing the right database affects scalability, query speed, and long-term maintenance.

To access the Keycloak database directly, you need the connection details defined in keycloak.conf or environment variables:

  • Database vendor"postgres", "mysql", or another supported type.
  • JDBC URL — The connection string to your database cluster.
  • Username and password — Credentials with the necessary read/write permissions.

Once you connect with a database tool like psql or mysql, you can explore the main tables:

  • USER_ENTITY contains user records and linked metadata.
  • REALM holds configuration for each realm.
  • CLIENT defines applications and services integrated with Keycloak.
  • ROLE and ROLE_MAPPING define authorization structures.
  • EVENT_ENTITY tracks login and error events.

Direct database reads are useful for audits, custom reporting, or debugging. Writes, however, must be handled carefully. Directly changing data in the Keycloak database can break internal consistency. Keycloak’s API should be your first choice for modifications. When you need to prepare data for migration or run offline analysis, read-only access to the database is safer.

For production systems, monitor database performance. Track slow queries, index usage, and connections. Tight database operations ensure Keycloak responds quickly during high load. Ensure your backup strategy covers both Keycloak’s configuration and database state.

Secure database access with role-based permissions, SSL connections, and network restrictions. Any breach could expose sensitive credentials or tokens. Rotate credentials regularly and keep the database on a private network segment.

Managing Keycloak database access well will give you sharper control over identity data. It will let you debug issues faster and grow the system without surprises.

See how fast you can go from zero to live Keycloak database insights with hoop.dev — connect, query, and monitor in minutes.