Keycloak v5.1.0, Mar 14 23

keycloak.RealmKeystoreRsa

Allows for creating and managing rsa Realm keystores within Keycloak.

A realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.

Example Usage

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.RealmKeystoreRsa;
import com.pulumi.keycloak.RealmKeystoreRsaArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()        
            .realm("my-realm")
            .build());

        var keystoreRsa = new RealmKeystoreRsa("keystoreRsa", RealmKeystoreRsaArgs.builder()        
            .realmId(realm.id())
            .enabled(true)
            .active(true)
            .privateKey("<your rsa private key>")
            .certificate("<your certificate>")
            .priority(100)
            .algorithm("RS256")
            .keystoreSize(2048)
            .build());

    }
}

Coming soon!

resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
  keystoreRsa:
    type: keycloak:RealmKeystoreRsa
    properties:
      realmId: ${realm.id}
      enabled: true
      active: true
      privateKey: <your rsa private key>
      certificate: <your certificate>
      priority: 100
      algorithm: RS256
      keystoreSize: 2048

Create RealmKeystoreRsa Resource

new RealmKeystoreRsa(name: string, args: RealmKeystoreRsaArgs, opts?: CustomResourceOptions);

@overload
def RealmKeystoreRsa(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     active: Optional[bool] = None,
                     algorithm: Optional[str] = None,
                     certificate: Optional[str] = None,
                     enabled: Optional[bool] = None,
                     name: Optional[str] = None,
                     priority: Optional[int] = None,
                     private_key: Optional[str] = None,
                     realm_id: Optional[str] = None)
@overload
def RealmKeystoreRsa(resource_name: str,
                     args: RealmKeystoreRsaArgs,
                     opts: Optional[ResourceOptions] = None)

func NewRealmKeystoreRsa(ctx *Context, name string, args RealmKeystoreRsaArgs, opts ...ResourceOption) (*RealmKeystoreRsa, error)

public RealmKeystoreRsa(string name, RealmKeystoreRsaArgs args, CustomResourceOptions? opts = null)

public RealmKeystoreRsa(String name, RealmKeystoreRsaArgs args)
public RealmKeystoreRsa(String name, RealmKeystoreRsaArgs args, CustomResourceOptions options)

type: keycloak:RealmKeystoreRsa
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RealmKeystoreRsaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RealmKeystoreRsaArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RealmKeystoreRsaArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RealmKeystoreRsaArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RealmKeystoreRsaArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

RealmKeystoreRsa Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RealmKeystoreRsa resource accepts the following input properties:

Certificate string: X509 Certificate encoded in PEM format.
PrivateKey string: Private RSA Key encoded in PEM format.
RealmId string: The realm this keystore exists in.
Active bool: When false, key in not used for signing. Defaults to true.
Algorithm string: Intended algorithm for the key. Defaults to RS256
Enabled bool: When false, key is not accessible in this realm. Defaults to true.
Name string: Display name of provider when linked in admin console.
Priority int: Priority for the provider. Defaults to 0

Certificate string: X509 Certificate encoded in PEM format.
PrivateKey string: Private RSA Key encoded in PEM format.
RealmId string: The realm this keystore exists in.
Active bool: When false, key in not used for signing. Defaults to true.
Algorithm string: Intended algorithm for the key. Defaults to RS256
Enabled bool: When false, key is not accessible in this realm. Defaults to true.
Name string: Display name of provider when linked in admin console.
Priority int: Priority for the provider. Defaults to 0

certificate String: X509 Certificate encoded in PEM format.
privateKey String: Private RSA Key encoded in PEM format.
realmId String: The realm this keystore exists in.
active Boolean: When false, key in not used for signing. Defaults to true.
algorithm String: Intended algorithm for the key. Defaults to RS256
enabled Boolean: When false, key is not accessible in this realm. Defaults to true.
name String: Display name of provider when linked in admin console.
priority Integer: Priority for the provider. Defaults to 0

certificate string: X509 Certificate encoded in PEM format.
privateKey string: Private RSA Key encoded in PEM format.
realmId string: The realm this keystore exists in.
active boolean: When false, key in not used for signing. Defaults to true.
algorithm string: Intended algorithm for the key. Defaults to RS256
enabled boolean: When false, key is not accessible in this realm. Defaults to true.
name string: Display name of provider when linked in admin console.
priority number: Priority for the provider. Defaults to 0

certificate str: X509 Certificate encoded in PEM format.
private_key str: Private RSA Key encoded in PEM format.
realm_id str: The realm this keystore exists in.
active bool: When false, key in not used for signing. Defaults to true.
algorithm str: Intended algorithm for the key. Defaults to RS256
enabled bool: When false, key is not accessible in this realm. Defaults to true.
name str: Display name of provider when linked in admin console.
priority int: Priority for the provider. Defaults to 0

certificate String: X509 Certificate encoded in PEM format.
privateKey String: Private RSA Key encoded in PEM format.
realmId String: The realm this keystore exists in.
active Boolean: When false, key in not used for signing. Defaults to true.
algorithm String: Intended algorithm for the key. Defaults to RS256
enabled Boolean: When false, key is not accessible in this realm. Defaults to true.
name String: Display name of provider when linked in admin console.
priority Number: Priority for the provider. Defaults to 0

Outputs

All input properties are implicitly available as output properties. Additionally, the RealmKeystoreRsa resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing RealmKeystoreRsa Resource

Get an existing RealmKeystoreRsa resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: RealmKeystoreRsaState, opts?: CustomResourceOptions): RealmKeystoreRsa

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        active: Optional[bool] = None,
        algorithm: Optional[str] = None,
        certificate: Optional[str] = None,
        enabled: Optional[bool] = None,
        name: Optional[str] = None,
        priority: Optional[int] = None,
        private_key: Optional[str] = None,
        realm_id: Optional[str] = None) -> RealmKeystoreRsa

func GetRealmKeystoreRsa(ctx *Context, name string, id IDInput, state *RealmKeystoreRsaState, opts ...ResourceOption) (*RealmKeystoreRsa, error)

public static RealmKeystoreRsa Get(string name, Input<string> id, RealmKeystoreRsaState? state, CustomResourceOptions? opts = null)

public static RealmKeystoreRsa get(String name, Output<String> id, RealmKeystoreRsaState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Active bool: When false, key in not used for signing. Defaults to true.
Algorithm string: Intended algorithm for the key. Defaults to RS256
Certificate string: X509 Certificate encoded in PEM format.
Enabled bool: When false, key is not accessible in this realm. Defaults to true.
Name string: Display name of provider when linked in admin console.
Priority int: Priority for the provider. Defaults to 0
PrivateKey string: Private RSA Key encoded in PEM format.
RealmId string: The realm this keystore exists in.

Active bool: When false, key in not used for signing. Defaults to true.
Algorithm string: Intended algorithm for the key. Defaults to RS256
Certificate string: X509 Certificate encoded in PEM format.
Enabled bool: When false, key is not accessible in this realm. Defaults to true.
Name string: Display name of provider when linked in admin console.
Priority int: Priority for the provider. Defaults to 0
PrivateKey string: Private RSA Key encoded in PEM format.
RealmId string: The realm this keystore exists in.

active Boolean: When false, key in not used for signing. Defaults to true.
algorithm String: Intended algorithm for the key. Defaults to RS256
certificate String: X509 Certificate encoded in PEM format.
enabled Boolean: When false, key is not accessible in this realm. Defaults to true.
name String: Display name of provider when linked in admin console.
priority Integer: Priority for the provider. Defaults to 0
privateKey String: Private RSA Key encoded in PEM format.
realmId String: The realm this keystore exists in.

active boolean: When false, key in not used for signing. Defaults to true.
algorithm string: Intended algorithm for the key. Defaults to RS256
certificate string: X509 Certificate encoded in PEM format.
enabled boolean: When false, key is not accessible in this realm. Defaults to true.
name string: Display name of provider when linked in admin console.
priority number: Priority for the provider. Defaults to 0
privateKey string: Private RSA Key encoded in PEM format.
realmId string: The realm this keystore exists in.

active bool: When false, key in not used for signing. Defaults to true.
algorithm str: Intended algorithm for the key. Defaults to RS256
certificate str: X509 Certificate encoded in PEM format.
enabled bool: When false, key is not accessible in this realm. Defaults to true.
name str: Display name of provider when linked in admin console.
priority int: Priority for the provider. Defaults to 0
private_key str: Private RSA Key encoded in PEM format.
realm_id str: The realm this keystore exists in.

active Boolean: When false, key in not used for signing. Defaults to true.
algorithm String: Intended algorithm for the key. Defaults to RS256
certificate String: X509 Certificate encoded in PEM format.
enabled Boolean: When false, key is not accessible in this realm. Defaults to true.
name String: Display name of provider when linked in admin console.
priority Number: Priority for the provider. Defaults to 0
privateKey String: Private RSA Key encoded in PEM format.
realmId String: The realm this keystore exists in.

Import

Realm keys can be imported using realm name and keystore id, you can find it in web UI. Examplebash

 $ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b

Package Details

Repository: Keycloak pulumi/pulumi-keycloak
License: Apache-2.0
Notes: This Pulumi package is based on the keycloak Terraform Provider.