Skip to content

Environment variables

Environment variables are used to configure the Keycloak cluster or your custom extensions.

They can be used to adjust the Keycloak settings (see https://www.keycloak.org/server/all-config). Note that some configuration variables are under the responsibility of Cloud-IAM and won't be overridable.

Environment variables
Environment variables

Types of Keycloak variables

We propose two types of variables:

  • Clear: the value is displayed in clear in the console
  • Masked: the value is masked and can no longer be read once saved.

To make a variable "masked", simply click on the padlock and validate:

Environment variables masked
Environment variables masked

The value is then no longer displayed, but you can modify it if you wish to update it.

If you wish to make a masked variable clear again, you can do so by clicking on the open padlock:

Environment variables clear
Environment variables clear

WARNING

However, this will reset the current value, so you'll need to enter it again:

Environment variables blank
Environment variables blank

Keycloak variables

KC_LOG_LEVEL

This variable can be used to configure the log level of Keycloak. The default value is INFO.

You can use this value for instance WARN,com.acme.extension:DEBUG to log at the DEBUG level for the classes from package com.acme.extension, and at the WARN level for everything else.

KC_HTTP_RELATIVE_PATH

Changing the value of variable KC_HTTP_RELATIVE_PATH will change the url of your deployment. This might impact the availability of your deployment.

The deployment url is generated by this formula: https://deployment.cloud-iam.com${KC_HTTP_RELATIVE_PATH}/admin/master/console/

For backward compatibility between Wildfly and Quarkus, you might need to set this value to /auth. In this case, all the urls are prefixed with /auth as before in Wildfly.

Be careful when changing / removing this value, because it affects the login url for your end-users