All posts
ConceptsOctober 16, 20251 min read

Keycloak shell scripting

Keycloak shell scripting is the fastest way to automate identity management without dragging through UI clicks. With the right approach, it becomes a direct channel to your realms, clients, users, and tokens. Fast, scriptable, repeatable. Keycloak offers a powerful Admin CLI (kcadm.sh). This tool connects directly to the server and gives you full access via shell commands. No browser. No waiting. Real changes in seconds. With shell scripting, you can chain these commands into scripts to configu

Free White Paper

Keycloak: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

Keycloak shell scripting is the fastest way to automate identity management without dragging through UI clicks. With the right approach, it becomes a direct channel to your realms, clients, users, and tokens. Fast, scriptable, repeatable.

Keycloak offers a powerful Admin CLI (kcadm.sh). This tool connects directly to the server and gives you full access via shell commands. No browser. No waiting. Real changes in seconds. With shell scripting, you can chain these commands into scripts to configure new realms, set client roles, import users, or trigger token creation on demand.

Install and configure the CLI:

  1. Download the Keycloak distribution.
  2. In /bin, you’ll find kcadm.sh.
  3. Authenticate once using:
./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password yourpassword

From here, scripts can execute batch commands:

./kcadm.sh create realms -s realm=myrealm -s enabled=true
./kcadm.sh create clients -r myrealm -s clientId=myapp -s enabled=true
./kcadm.sh create users -r myrealm -s username=testuser -s enabled=true

You can integrate Keycloak shell scripting with CI/CD. Add the CLI to your build pipeline, run scripts after deployment, and ensure every environment spins up with identical identity configuration. This reduces manual errors and keeps configuration under version control.

Continue reading? Get the full guide.

Keycloak: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Common use cases:

  • Provision realms across dev, staging, prod.
  • Batch assign user roles and groups.
  • Sync clients and secrets programmatically.
  • Automate token retrieval for API testing.

Best practices:

  • Use environment variables for credentials and server URLs.
  • Keep scripts modular, with separate files for realms, clients, and users.
  • Test changes against a staging server before pushing to production.
  • Store scripts in your repository alongside other infrastructure code.

When combined with Unix tools like grep, jq, or awk, Keycloak shell scripting becomes even more precise. You can parse JSON outputs, filter results, and feed data into other commands without touching the UI.

Direct shell access means control. Control means speed. Speed means you can focus on building systems, not wrestling with forms.

Want to see how this works end-to-end without spending hours on setup? Visit hoop.dev and run Keycloak shell scripting live in minutes.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts