Keycloak shell scripting
Keycloak shell scripting is the fastest way to automate identity management without clicking through the UI. With the right approach, it becomes a direct channel to your realms, clients, users, and tokens. Fast, scriptable, repeatable.
Keycloak offers a powerful Admin CLI (kcadm.sh). This tool connects directly to the server and gives you full access via shell commands. No browser. No waiting. Real changes in seconds. With shell scripting, you can chain these commands into scripts to configure new realms, set client roles, import users, or trigger token creation on demand.
Install and configure the CLI:
- Download the Keycloak distribution.
- In /bin, you’ll find kcadm.sh.
- Authenticate once using:
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password yourpassword
From here, scripts can execute batch commands:
./kcadm.sh create realms -s realm=myrealm -s enabled=true
./kcadm.sh create clients -r myrealm -s clientId=myapp -s enabled=true
./kcadm.sh create users -r myrealm -s username=testuser -s enabled=true
You can integrate Keycloak shell scripting with CI/CD. Add the CLI to your build pipeline, run scripts after deployment, and ensure every environment spins up with identical identity configuration. This reduces manual errors and keeps configuration under version control.
Common use cases:
- Provision realms across dev, staging, prod.
- Batch assign user roles and groups.
- Sync clients and secrets programmatically.
- Automate token retrieval for API testing.
Best practices:
- Use environment variables for credentials and server URLs.
- Keep scripts modular, with separate files for realms, clients, and users.
- Test changes against a staging server before pushing to production.
- Store scripts in your repository alongside other infrastructure code.
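The best practices above applied to the realm and client commands from earlier, as an added example (not code from the original post): the server URL and credentials come from environment variables, the kcadm.sh token cache lives in a throwaway file passed with `--config`, and each object is created only if it is missing. The variable names `KEYCLOAK_URL`, `KEYCLOAK_ADMIN`, `KEYCLOAK_ADMIN_PASSWORD` and `KCADM`, and the helper function names, are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent provisioning with kcadm.sh, credentials from the environment.
# KEYCLOAK_URL, KEYCLOAK_ADMIN, KEYCLOAK_ADMIN_PASSWORD and KCADM are names chosen
# for this example; kcadm.sh does not read them itself.
set -u

KCADM="${KCADM:-./kcadm.sh}"

# kcadm.sh caches the admin token in its config file. Keep it in a private
# temporary directory (mktemp -d creates it mode 0700) and delete it on exit.
KC_DIR="$(mktemp -d)"
KC_CONFIG="$KC_DIR/kcadm.config"
trap 'rm -rf "$KC_DIR"' EXIT

# Every call must name the same config file, or kcadm.sh falls back to the default.
kc() { "$KCADM" "$@" --config "$KC_CONFIG"; }

login() {
  # Fail early with a clear message if the pipeline did not inject a value.
  : "${KEYCLOAK_URL:?not set}" "${KEYCLOAK_ADMIN:?not set}" "${KEYCLOAK_ADMIN_PASSWORD:?not set}"
  kc config credentials --server "$KEYCLOAK_URL" --realm master \
    --user "$KEYCLOAK_ADMIN" --password "$KEYCLOAK_ADMIN_PASSWORD" >/dev/null
}

ensure_realm() {  # $1 = realm name
  if kc get "realms/$1" --fields realm >/dev/null 2>&1; then
    echo "realm $1: exists"
  else
    kc create realms -s "realm=$1" -s enabled=true >/dev/null && echo "realm $1: created"
  fi
}

ensure_client() {  # $1 = realm name, $2 = clientId
  if kc get clients -r "$1" -q "clientId=$2" --fields clientId | grep -q '"clientId"'; then
    echo "client $2: exists"
  else
    kc create clients -r "$1" -s "clientId=$2" -s enabled=true >/dev/null &&
      echo "client $2: created"
  fi
}

main() { login && ensure_realm myrealm && ensure_client myrealm myapp; }

# Run only when asked to, e.g. `./provision.sh apply` from the pipeline.
if [ "${1:-}" = "apply" ]; then main; fi
```

The password is still handed to kcadm.sh as a command-line argument, so it is visible in the process list of the machine that runs the script while the login command executes.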
When combined with Unix tools like grep, jq, or awk, Keycloak shell scripting becomes even more precise. You can parse JSON outputs, filter results, and feed data into other commands without touching the UI.
Direct shell access means control. Control means speed. Speed means you can focus on building systems, not wrestling with forms.
Want to see how this works end-to-end without spending hours on setup? Visit hoop.dev and run Keycloak shell scripting live in minutes.