How to set up Keycloak with Docker

In this post I will show you how to run Keycloak inside a Docker container.

As you might know Keycloak Is a great Open Source tool for identity and access management. You can use it to secure your web application. One main feature ist to secure your application with a login and registration form or provide Security tokens.

I will use the latest Keycloak Docker image from docker hub to run it localy on my own machine.

Getting started

To set up your docker container image you first have to download the proper image with the following command

docker pull jboss/keycloak

The image will be downloaded and extracted with the latest version.

Pulling the newest Keycloak Docker image

After that you should initialy start the container with some parameters which I’m going to describe afterwards.

docker run -e KEYCLOAK_USER=user -e KEYCLOAK_PASSWORD=password -p 8080:8080 --name keycloak-bootstrap -d jboss/keycloak
  • docker run <Image name>:
    Thats the command that lets you start a start a Docker image. A name of an image is expected as parameter. In our case that would be tha last part of the command “jboss/keycloak”
  • -e KEYCLOAK_USER=user -e KEYCLOAK_PASSWORD=password:
    The “-e” flag sets evniroment variables for the container you want to run. Likewise, you could also use “–env”. We are passing an initial user and its password. These variables will be used to access the admin console later on.
  • -p 8080:8080:
    With the “-p” flag we tell docker to map the local port to the port of the conatiner. Thats a common usecase when you run your container on your local machine.
  • –name keycloak-bootstrap:
    You can name your container with the “–name” flag. In our example we used the name “keycloak-bootstrap” to differentiate it from other containers and make it more readable.
  • -d:
    The “-d” flag stand for detached. It allows you to use your command line window to make further inputs. As a result, it also returns a container id, which identifies you container. If you dont use this flag, you can more interact with your command line window and you have to open a new one.

After you have entered the command, you will receive an id. This is the long version of your container id. Why the longer version you may ask? With the “docker ps” command you will get a much shorter id. But both serve the same purpose.

Running the “run” command and checking the running containers

Accessing Keycloak by browser

Since we used port binding to our local machine, we can access the admin console of Keycloak by simply typing the following url to our browser


You should automatically be redirected to the Keycloak console. Here you can choose to move to the “Administration Console” on the left

Keycloak landing page

Next you should be prompted to type in an username and some password. Since we used our enviroment variables to create a new use, we have to use these credentials to login.

Login page to Keycloak Admin Console

After you logged in, you have acess to your Master realm which is the main realm of your Keycloak instance.

Congratulation! You are now using Keycloak in a Docker container. However, to find out what you can do next, you should have look at official documentation