Cloud-IAM | DOCS

Appearance

Environment variables

Environment variables feature
Cloud-IAM Console - Environment variables feature

What is an environment variables?

Environment variables are used to configure the Keycloak cluster or your custom extensions.

They can be used to adjust the Keycloak settings (see https://www.keycloak.org/server/all-config). Note that some configuration variables are under the responsibility of Cloud-IAM and won't be overridable.

How to register environment variables?

To add an environment variable, follow these steps:

  1. Open Cloud-IAM console
  2. Select the Keycloak deployment you want to configure.
  3. Click on Configuration
  4. Select Environment variables
  5. Click on + Add
  6. Register the Name & the Value
  7. Then Click on Save and Redeploy

After 5–10 minutes, while your Keycloak deployment redeploys via the rolling upgrade process, the changes will be applied.

Environment variables Access
Cloud-IAM Console - Environment variables Access

How to secure sensitive variable?

Some environment variables contain sensitive data and must be protected. These values can be stored as secrets, which are hidden from the console after creation to ensure security.

Follow these steps to create a secure variable:

  1. Register the Name
  2. Register the Value
  3. Toggle the padlock icon to mark it as sensitive
  4. Then Click on Save and Redeploy

Once saved, the value will be hidden in the console (even from admin roles), but can still be updated at any time.

Keycloak variables examples

KC_LOG_LEVEL

This variable can be used to configure the log level of Keycloak. The default value is INFO.

You can use this value for instance WARN,com.acme.extension:DEBUG to log at the DEBUG level for the classes from package com.acme.extension, and at the WARN level for everything else.

KC_HTTP_RELATIVE_PATH

Changing the value of variable KC_HTTP_RELATIVE_PATH will change the url of your deployment. This might impact the availability of your deployment.

The deployment url is generated by this formula: https://deployment.cloud-iam.com${KC_HTTP_RELATIVE_PATH}/admin/master/console/

For backward compatibility between Wildfly and Quarkus, you might need to set this value to /auth. In this case, all the urls are prefixed with /auth as before in Wildfly.

Be careful when changing / removing this value, because it affects the login url for your end-users