Keycloak

Provides a full-featured identity and access management platform supporting SSO, OAuth2, OIDC, and SAML for securing applications and APIs.

What is the keycloak image?

The keycloak image runs Keycloak, an open-source identity and access management (IAM) solution used to centralize authentication and authorization for applications, APIs, and distributed systems. It supports enterprise identity standards including OpenID Connect, OAuth2, and SAML, and integrates with LDAP, Active Directory, social login providers, and other identity systems. Keycloak offers multifactor authentication, identity brokering, user federation, client policies, realm management, and a complete admin console. In Kubernetes and other containerized environments, Keycloak is commonly used to secure API gateways, internal tools, developer platforms, and user-facing apps. Modern Keycloak builds use Quarkus, enabling fast startup times, strong performance, and better cloud-native behavior.

How to use this image

Keycloak can run in development mode using an embedded H2 database or in production using external databases like PostgreSQL or MariaDB.

Run in development mode:

docker run -d -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:24.0 \
  start-dev

Run with PostgreSQL (recommended for production):

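# Example credentials only: replace admin/admin and secret before deploying.
# KC_HOSTNAME below is a placeholder. `start` (production mode) requires a hostname, and
# plain HTTP plus forwarded headers are enabled because TLS ends at the reverse proxy.
docker run -d -p 8080:8080 \
  -e KC_DB=postgres \
  -e KC_DB_URL=jdbc:postgresql://postgres:5432/keycloak \
  -e KC_DB_USERNAME=keycloak \
  -e KC_DB_PASSWORD=secret \
  -e KC_HOSTNAME=keycloak.example.com \
  -e KC_HTTP_ENABLED=true \
  -e KC_PROXY_HEADERS=xforwarded \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:24.0 start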

Custom base image example (themes or providers):

FROM quay.io/keycloak/keycloak:24.0
COPY themes/custom /opt/keycloak/themes/custom

Keycloak listens on port 8080 and logs to stdout. In production, it typically runs behind an ingress controller or reverse proxy that provides TLS.

Image variants

Published under quay.io/keycloak/keycloak, the image includes:

  • keycloak:latest – Tracks the newest stable release; best for development.
  • keycloak:<version> – Version-specific tags such as 24.0 or 23.0.7; recommended for stable deployments.
  • keycloak:<version>-fips – Built with FIPS-compliant cryptography for regulated workloads.
  • keycloak:<version>-legacy – Older WildFly-based distribution for backward compatibility.

Keycloak images update frequently with security and feature enhancements; production environments should always pin explicit versions.
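
A pre-deployment check for the points above (explicit image tags, no start-dev outside development, no placeholder passwords), given as an added example that is not part of the original page or of the Keycloak project. The finding names, the weak-password list and the sample inputs are assumptions constructed for illustration.

```python
import re

# Matches the image named on this page, with optional tag and digest.
IMAGE = re.compile(
    r"quay\.io/keycloak/keycloak(?![\w-])(?::([\w.-]+))?(@sha256:[0-9a-f]{64})?")
# Password settings used in the page's commands (-e, env-file and compose forms).
SECRET = re.compile(
    r"\b(KEYCLOAK_ADMIN_PASSWORD|KC_DB_PASSWORD)\s*[=:]\s*[\"']?([^\s\"'\\]+)")
WEAK = {"admin", "password", "secret", "changeme", "keycloak"}  # assumed denylist


def audit(text):
    """Return sorted finding names for one Dockerfile, compose file or command."""
    findings = set()
    for tag, digest in IMAGE.findall(text):
        # A digest pins the image even if the tag is floating.
        if not digest and tag in ("", "latest"):
            findings.add("unpinned-image")
    if re.search(r"(?<![\w-])start-dev\b", text):
        findings.add("dev-mode")
    for name, value in SECRET.findall(text):
        if value.lower() in WEAK:
            findings.add("weak-" + name)
    return sorted(findings)


# Sample inputs, constructed from the commands shown on this page.
DEV_CMD = r"""docker run -d -p 8080:8080 \
  -e KEYCLOAK_ADMIN=admin \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:24.0 \
  start-dev"""
PROD_CMD = r"""docker run -d -p 8080:8080 \
  -e KC_DB_PASSWORD=secret \
  -e KEYCLOAK_ADMIN_PASSWORD=admin \
  quay.io/keycloak/keycloak:24.0 start"""
DOCKERFILE = "FROM quay.io/keycloak/keycloak:latest\n"  # constructed

if __name__ == "__main__":
    for label, sample in [("dev", DEV_CMD), ("prod", PROD_CMD),
                          ("Dockerfile", DOCKERFILE)]:
        print(label, audit(sample))
```

Run it in CI over Dockerfiles, compose files and deployment scripts, and fail the build when audit() returns any finding.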
