From 45c0baf84367421a780bb0a97e81b07139b3f73c Mon Sep 17 00:00:00 2001 From: Dominik Guhr Date: Thu, 24 Feb 2022 18:00:32 +0100 Subject: [PATCH] enhance container guide closes #10458 --- docs/guides/src/main/server/containers.adoc | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/docs/guides/src/main/server/containers.adoc b/docs/guides/src/main/server/containers.adoc index f9191aff1b..2254c3b783 100644 --- a/docs/guides/src/main/server/containers.adoc +++ b/docs/guides/src/main/server/containers.adoc @@ -62,7 +62,7 @@ podman|docker build . -t prebuilt_keycloak To start the image, run: [source, bash] ---- -podman|docker run --name optimized_keycloak -p 8443:8443 prebuilt_keycloak +podman|docker run --name optimized_keycloak -p 8443:8443 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=change_me prebuilt_keycloak ---- Keycloak starts in production mode, using only secured HTTPS communication, and is available on `https://localhost:8443`. Notice that the startup log contains the following line: @@ -117,4 +117,18 @@ In the example, the line `--db=postgres --features=token-exchange` sets the dat Keycloak then starts up and applies the configuration for the specific environment. This approach significantly increases startup time and creates an image that is mutable, which is not the best practice. +== Provide initial admin credentials when running in a container +Keycloak only allows to create the initial admin user from a local network connection. This is not the case when running in a container, so you have to provide the following environment variables when you run the image: + +[source, bash] +---- +# setting the admin username +-e KEYCLOAK_ADMIN= + +# setting the initial password +-e KEYCLOAK_ADMIN_PASSWORD=change_me +---- + +Feel free to join the open https://github.com/keycloak/keycloak/discussions/8549[GitHub Discussion] around enhancements of the admin bootstrapping process. +