Keycloak v6.7.0 published on Tuesday, Jul 29, 2025 by Pulumi
keycloak.Provider
The provider type for the keycloak package. By default, resources use package-wide configuration
settings, however an explicit Provider instance may be created and passed during resource
construction to achieve fine-grained programmatic control over provider settings. See the
documentation for more information.
Create Provider Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Provider(name: string, args?: ProviderArgs, opts?: CustomResourceOptions);@overload
def Provider(resource_name: str,
args: Optional[ProviderArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Provider(resource_name: str,
opts: Optional[ResourceOptions] = None,
additional_headers: Optional[Mapping[str, str]] = None,
base_path: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
client_timeout: Optional[int] = None,
initial_login: Optional[bool] = None,
jwt_signing_alg: Optional[str] = None,
jwt_signing_key: Optional[str] = None,
password: Optional[str] = None,
realm: Optional[str] = None,
red_hat_sso: Optional[bool] = None,
root_ca_certificate: Optional[str] = None,
tls_insecure_skip_verify: Optional[bool] = None,
url: Optional[str] = None,
username: Optional[str] = None)func NewProvider(ctx *Context, name string, args *ProviderArgs, opts ...ResourceOption) (*Provider, error)public Provider(string name, ProviderArgs? args = null, CustomResourceOptions? opts = null)
public Provider(String name, ProviderArgs args)
public Provider(String name, ProviderArgs args, CustomResourceOptions options)
type: pulumi:providers:keycloak
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProviderArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Provider Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Provider resource accepts the following input properties:
- Additional
Headers Dictionary<string, string> - Base
Path string - Client
Id string - Client
Secret string - Client
Timeout int - Timeout (in seconds) of the Keycloak client
It can also be sourced from the following environment variable:
KEYCLOAK_CLIENT_TIMEOUT - Initial
Login bool - Whether or not to login to Keycloak instance on provider initialization
- Jwt
Signing stringAlg - The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256.
- Jwt
Signing stringKey - The PEM-formatted private key used to sign the JWT when client-jwt is used.
- Password string
- Realm string
- Red
Hat boolSso - When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.
- Root
Ca stringCertificate - Allows x509 calls using an unknown CA certificate (for development purposes)
- Tls
Insecure boolSkip Verify - Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.
- Url string
- The base URL of the Keycloak instance, before
/auth - Username string
- Additional
Headers map[string]string - Base
Path string - Client
Id string - Client
Secret string - Client
Timeout int - Timeout (in seconds) of the Keycloak client
It can also be sourced from the following environment variable:
KEYCLOAK_CLIENT_TIMEOUT - Initial
Login bool - Whether or not to login to Keycloak instance on provider initialization
- Jwt
Signing stringAlg - The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256.
- Jwt
Signing stringKey - The PEM-formatted private key used to sign the JWT when client-jwt is used.
- Password string
- Realm string
- Red
Hat boolSso - When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.
- Root
Ca stringCertificate - Allows x509 calls using an unknown CA certificate (for development purposes)
- Tls
Insecure boolSkip Verify - Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.
- Url string
- The base URL of the Keycloak instance, before
/auth - Username string
- additional
Headers Map<String,String> - base
Path String - client
Id String - client
Secret String - client
Timeout Integer - Timeout (in seconds) of the Keycloak client
It can also be sourced from the following environment variable:
KEYCLOAK_CLIENT_TIMEOUT - initial
Login Boolean - Whether or not to login to Keycloak instance on provider initialization
- jwt
Signing StringAlg - The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256.
- jwt
Signing StringKey - The PEM-formatted private key used to sign the JWT when client-jwt is used.
- password String
- realm String
- red
Hat BooleanSso - When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.
- root
Ca StringCertificate - Allows x509 calls using an unknown CA certificate (for development purposes)
- tls
Insecure BooleanSkip Verify - Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.
- url String
- The base URL of the Keycloak instance, before
/auth - username String
- additional
Headers {[key: string]: string} - base
Path string - client
Id string - client
Secret string - client
Timeout number - Timeout (in seconds) of the Keycloak client
It can also be sourced from the following environment variable:
KEYCLOAK_CLIENT_TIMEOUT - initial
Login boolean - Whether or not to login to Keycloak instance on provider initialization
- jwt
Signing stringAlg - The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256.
- jwt
Signing stringKey - The PEM-formatted private key used to sign the JWT when client-jwt is used.
- password string
- realm string
- red
Hat booleanSso - When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.
- root
Ca stringCertificate - Allows x509 calls using an unknown CA certificate (for development purposes)
- tls
Insecure booleanSkip Verify - Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.
- url string
- The base URL of the Keycloak instance, before
/auth - username string
- additional_
headers Mapping[str, str] - base_
path str - client_
id str - client_
secret str - client_
timeout int - Timeout (in seconds) of the Keycloak client
It can also be sourced from the following environment variable:
KEYCLOAK_CLIENT_TIMEOUT - initial_
login bool - Whether or not to login to Keycloak instance on provider initialization
- jwt_
signing_ stralg - The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256.
- jwt_
signing_ strkey - The PEM-formatted private key used to sign the JWT when client-jwt is used.
- password str
- realm str
- red_
hat_ boolsso - When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.
- root_
ca_ strcertificate - Allows x509 calls using an unknown CA certificate (for development purposes)
- tls_
insecure_ boolskip_ verify - Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.
- url str
- The base URL of the Keycloak instance, before
/auth - username str
- additional
Headers Map<String> - base
Path String - client
Id String - client
Secret String - client
Timeout Number - Timeout (in seconds) of the Keycloak client
It can also be sourced from the following environment variable:
KEYCLOAK_CLIENT_TIMEOUT - initial
Login Boolean - Whether or not to login to Keycloak instance on provider initialization
- jwt
Signing StringAlg - The algorithm used to sign the JWT when client-jwt is used. Defaults to RS256.
- jwt
Signing StringKey - The PEM-formatted private key used to sign the JWT when client-jwt is used.
- password String
- realm String
- red
Hat BooleanSso - When true, the provider will treat the Keycloak instance as a Red Hat SSO server, specifically when parsing the version returned from the /serverinfo API endpoint.
- root
Ca StringCertificate - Allows x509 calls using an unknown CA certificate (for development purposes)
- tls
Insecure BooleanSkip Verify - Allows ignoring insecure certificates when set to true. Defaults to false. Disabling security check is dangerous and should be avoided.
- url String
- The base URL of the Keycloak instance, before
/auth - username String
Outputs
All input properties are implicitly available as output properties. Additionally, the Provider resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Provider Resource Methods
TerraformConfig Method
This function returns a Terraform config object with terraform-namecased keys,to be used with the Terraform Module Provider.
Using TerraformConfig
terraformConfig(): Output<Provider.TerraformConfigResult>def terraform_config() -> Output[Provider.Terraform_configResult]func (r *Provider) TerraformConfig() (ProviderTerraformConfigResultOutput, error)public Output<Provider.TerraformConfigResult> TerraformConfig()TerraformConfig Result
- Result Dictionary<string, object>
- Result map[string]interface{}
- result Map<String,Object>
- result {[key: string]: any}
- result Mapping[str, Any]
- result Map<Any>
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.
