Environment variables 'KEYCLOAK_ADMIN' and 'KEYCLOAK_ADMIN_PASSWORD' are deprecated #19

New Issue

Open

opened 2025-02-21 00:32:29 +00:00 by cgalo5758 · 2 comments

cgalo5758 commented 2025-02-21 00:32:29 +00:00

Copy Link

https://github.com/keycloak/keycloak/issues/31229

https://github.com/keycloak/keycloak/issues/31229

👍 2

3wordchant commented 2025-03-21 09:21:06 +00:00

Owner

Copy Link

Ty for the report @cgalo5758. I remember seeing something about the deprecation in release notes. Do you happen to know if there are 1:1 replacements we can switch to? Or we'd need to change the initial set-up instructions?

Ty for the report @cgalo5758. I remember seeing something about the deprecation in release notes. Do you happen to know if there are 1:1 replacements we can switch to? Or we'd need to change the initial set-up instructions?

cgalo5758 commented 2025-03-30 03:53:02 +00:00

Author

Copy Link

Yes, @3wordchant! We can replace them with KC_BOOTSTRAP_ADMIN_USERNAME and KC_BOOTSTRAP_ADMIN_PASSWORDas described in the (configuration documentation)[https://www.keycloak.org/server/configuration#_creating_the_initial_admin_user]:

Keycloak parses these values at first startup to create an initial user with administrative rights. Once the first user with administrative rights exists, you can use the Admin Console or the command line tool kcadm.[sh|bat] to create additional users.

If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.

The main difference it seems to me is that these credentials are only used at first start and the interface makes it explicit that it is a temporary account.

Yes, @3wordchant! We can replace them with `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD`as described in the (configuration documentation)[https://www.keycloak.org/server/configuration#_creating_the_initial_admin_user]: >Keycloak parses these values at first startup to create an initial user with administrative rights. Once the first user with administrative rights exists, you can use the Admin Console or the command line tool `kcadm.[sh|bat]` to create additional users. > >If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly. The main difference it seems to me is that these credentials are only used **at first start** and the interface makes it explicit that it is a temporary account.

👀 1

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

postgres

dev

arm64

custom-theme-loading

10.4.0+26.3.1

10.3.1+26.2.5

10.3.0+26.2.1

10.2.1+26.1.2

10.2.0+26.1.2

10.1.1+26.0.1

10.1.0+26.0.1

10.0.1+26.0.1

10.0.0+26.0.1

9.0.0+25.0.6

8.0.1+23.0.6

8.0.0+23.0.0

7.2.0+22.0.5

7.1.0+22.0.5

7.0.2+22.0.5

7.0.1+22.0.4

6.1.0+22.0.1

7.0.0+22.0.1

6.0.0+21.0.2

5.1.0+20.0.3

5.0.2+20.0.3

5.0.1+20.0.3

5.0.0+20.0.1

4.0.1+16.1.1

4.0.0+16.1.0

3.0.0+15.0.2

2.0.0+14.0.0

1.0.0+13.0.1

Labels

No items

No Label

Milestone

No items

No Milestone

Assignees

Clear assignees

3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se fauno flancian Frando iexos javielico jmakdah2 kawaiipunk knoflook lambdabundesverband mac-chaffee marlon mayel mirsal moritz nicksellen notplants p4u1 pau renovate-bot ripclap rix sef simon sixsmith stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: coop-cloud/keycloak#19

No description provided.