
Keycloak Api Keys



  • Documentation:
  • Summary: Keycloak provides sign-in unification features, allowing users to sign in and out of all needed tools in one action.
  • IPs allowlist: This feature is not supported.
  • Scopes: Each user has their own attributed key, which can cover any number of third-party services.

Revoke the secret

From the admin console, you can issue 'not-before' policies, which invalidate every token created before a given timestamp. Specific applications, clients or users can also be disabled.

Check for suspicious activity

Logins are saved as events in the admin console (realm settings). These events can be screened regularly to detect suspicious activity (e.g. logins at unusual hours), but there is no native way to automate the screening. Failed login attempts are also recorded and can be configured to trigger an incremental lock on the targeted account, to prevent brute-force attacks.
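
The screening described above can be scripted outside Keycloak. The following is an added example, not part of the original page or of Keycloak itself: it flags successful logins outside usual hours and bursts of failed logins from one IP address. It assumes events exported as JSON records with the `time` (epoch milliseconds), `type`, `userId` and `ipAddress` fields; the thresholds, working hours and sample events are constructed for illustration.

```python
from datetime import datetime, timezone

WORK_HOURS = range(7, 20)    # assumption: 07:00-19:59 UTC counts as usual hours
MAX_FAILURES = 3             # assumption: failed logins per IP that raise a flag
WINDOW_MS = 5 * 60 * 1000    # assumption: window in which those failures must fall

def _ms(hour, minute, second=0):
    """Epoch milliseconds on a constructed sample day (2024-01-15, UTC)."""
    day = datetime(2024, 1, 15, hour, minute, second, tzinfo=timezone.utc)
    return int(day.timestamp() * 1000)

# Constructed sample events (not real data) in the shape of exported login events.
SAMPLE_EVENTS = [
    {"time": _ms(9, 30), "type": "LOGIN", "userId": "alice-id", "ipAddress": "192.0.2.10"},
    {"time": _ms(3, 12), "type": "LOGIN", "userId": "bob-id", "ipAddress": "198.51.100.7"},
    {"time": _ms(10, 0), "type": "LOGIN_ERROR", "userId": "alice-id", "ipAddress": "192.0.2.10"},
    {"time": _ms(14, 0, 0), "type": "LOGIN_ERROR", "ipAddress": "203.0.113.5"},
    {"time": _ms(14, 0, 40), "type": "LOGIN_ERROR", "ipAddress": "203.0.113.5"},
    {"time": _ms(14, 1, 30), "type": "LOGIN_ERROR", "ipAddress": "203.0.113.5"},
]

def off_hours_logins(events):
    """Return successful LOGIN events whose UTC hour falls outside WORK_HOURS."""
    flagged = []
    for event in events:
        if event["type"] != "LOGIN":
            continue
        hour = datetime.fromtimestamp(event["time"] / 1000, tz=timezone.utc).hour
        if hour not in WORK_HOURS:
            flagged.append(event)
    return flagged

def failure_bursts(events):
    """Return IPs with at least MAX_FAILURES LOGIN_ERROR events within WINDOW_MS."""
    times_by_ip = {}
    for event in events:
        if event["type"] == "LOGIN_ERROR":
            times_by_ip.setdefault(event.get("ipAddress", "unknown"), []).append(event["time"])
    flagged = set()
    for ip, times in times_by_ip.items():
        times.sort()
        # Slide over sorted timestamps: compare each failure with the one
        # MAX_FAILURES - 1 positions later.
        for i in range(len(times) - MAX_FAILURES + 1):
            if times[i + MAX_FAILURES - 1] - times[i] <= WINDOW_MS:
                flagged.add(ip)
                break
    return sorted(flagged)
```

Run it on a schedule against a fresh export and alert on any non-empty result; tune `WORK_HOURS` per user population and time zone before relying on it.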

Details for Keycloak API keys

  • Family: Api

  • Category: Identity provider

  • Company: Keycloak

  • High recall: False

  • Validity check available: False

  • Minimum number of matches: 2

  • Occurrences found for one million commits: 13.9

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
  - keycloak


- text: |
    +#
    +keycloak:
    +  auth-server-url:
    +  bearer-only: true
    +  credentials:
    +    client-id: 528bed53-f405-406a-96c0-5e921c7b39fe
    +    secret: 63488e67-3e19-43de-997e-833673aea340
    +  realm: a-random-realm
    +  resource: random-server
    +  use-resource-role-mappings: true
  client_id: 528bed53-f405-406a-96c0-5e921c7b39fe
  apikey: 63488e67-3e19-43de-997e-833673aea340
- text: |
    +keycloak.principal-attribute=preferred_username
    +keycloak.credential.client-id=2046f7b3-b878-4bc5-8f7f-57b24ce19d85
    +keycloak.credentials.secret=0aa1dabc-1d8a-4c00-85c2-82bc88c42dc7
    +keycloak.disable-trust-manager=true
  client_id: 2046f7b3-b878-4bc5-8f7f-57b24ce19d85
  apikey: 0aa1dabc-1d8a-4c00-85c2-82bc88c42dc7