Cloud-IAM | DOCS

Appearance

Data export / import

The data of Keycloak can be easily extracted or imported. This gives you the full control over your data.

Exports

Exports can be especially useful if you want to migrate your whole Keycloak database from one environment to another. Export is available through the Cloud-IAM dashboard and Cloud-IAM API and return a single zip file.

Export your data
Exports

Depending on the size of the database, the export can take longer. The Cloud IAM export API provides advanced options: exports can be GPG encrypted and delivered directly to your S3 bucket.

The exports are kept 7 days if they are stored on the Cloud-IAM storage.

If you want to automate the export from your CI or schedule that every week, you can trigger the export for a deployment by using the API.

If needed, you can specify the destination bucket to store the export.

You can also provide a public GPG key that will be used to cipher the content of the export. Only the owner of the corresponding private key will be able to read the content of the file.

shell
curl --request POST \
  --url https://api.cloud-iam.com/deployments/00000000-0000-0000-0000-000000000000/exports/ \
  --header 'Content-Type: application/json' \
  --data '{
  "destination": {
    "endpoint": "https://s3.providr.cloud",
    "bucketName": "my-bucket",
    "accessKeyId": "XXXXXXXXXXXXXXXXXXX",
    "secretKey": "XXXXXXXXXXXXXXXXXXX",
    "region": "eu-west-1",
    "filename": "my-export.zip"
  },
  "publicGpgKey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n..."
}'
curl --request POST \
  --url https://api.cloud-iam.com/deployments/00000000-0000-0000-0000-000000000000/exports/ \
  --header 'Content-Type: application/json' \
  --data '{
  "destination": {
    "endpoint": "https://s3.providr.cloud",
    "bucketName": "my-bucket",
    "accessKeyId": "XXXXXXXXXXXXXXXXXXX",
    "secretKey": "XXXXXXXXXXXXXXXXXXX",
    "region": "eu-west-1",
    "filename": "my-export.zip"
  },
  "publicGpgKey": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n..."
}'

The response contains in the Location header the url of the export process.

Imports

Once the export is complete, extract the zip file in which you will find two files:

  • xxx-realm.json
  • xxx-users-0.json

Contact us

For specific use-case, large data file, please contact the support.

Import Realm

To import the realm, connect to the Keycloak Admin console and click on Create Realm:

Import realm
Import Realm

Then import the file xxx-realm.json by clicking on Browse ...:

Create realm
Create Realm

Next, click on Create.

Import users

To import the users, connect to the Keycloak Admin console, select a Realm and click on Realm Settings > Action and choose Partial import:

Import users
Import users

Then import the file xxx-users-0.json by clicking on Browse ...:

Create users
Create users

Check the box to choose the resources you want to import and select an action if the resource already exists based on your needs.

Next, click on Import.