keycloak 命令

常用示例

说明

kc.sh is the CLI for Keycloak, an open-source identity and access management solution. It manages server lifecycle, configuration, and data import/export. Development mode (start-dev) runs with relaxed security for local testing. Production deployments use start after running build to optimize configuration. The build step creates a quarkus-based optimized distribution. Keycloak supports SAML 2.0, OpenID Connect, OAuth 2.0, and LDAP/AD integration. It provides features like social login, user federation, fine-grained authorization, and multi-factor authentication. The export and import commands transfer realm configurations including clients, roles, users, and authentication flows. Use these for backup, migration, or infrastructure-as-code workflows. Configuration can be provided via command-line options, environment variables (KC_ prefix), or configuration files.

参数

--hostname _name_

Public hostname for the server.

--hostname-admin _name_

Hostname for admin console.

--http-port _port_

HTTP listen port. Default: 8080.

--https-port _port_

HTTPS listen port. Default: 8443.

--db _type_

Database vendor: dev-file, dev-mem, postgres, mysql, mariadb, mssql, oracle.

--db-url _url_

Full database JDBC URL.

--db-username _user_

Database username.

--db-password _pass_

Database password.

--features _list_

Enable feature flags.

--health-enabled _bool_

Enable health endpoints.

--metrics-enabled _bool_

Enable metrics endpoint.

--proxy _mode_

Proxy mode: edge, reencrypt, passthrough.

--log-level _level_

Log level: fatal, error, warn, info, debug, trace.

--help, -h

Display help information.