Skip to content

feat: separate keycloak config and user exports #304#732

Open
yash-blip-ys wants to merge 1 commit intoaiondemand:developfrom
yash-blip-ys:feature/separate-keycloak-backups-304
Open

feat: separate keycloak config and user exports #304#732
yash-blip-ys wants to merge 1 commit intoaiondemand:developfrom
yash-blip-ys:feature/separate-keycloak-backups-304

Conversation

@yash-blip-ys
Copy link

@yash-blip-ys yash-blip-ys commented Mar 17, 2026

Change(s)

This PR refactors the Keycloak backup and restoration process. It decouples the realm configuration from user data (PII) to allow for safer environment sharing and independent rollbacks of user accounts without affecting system settings.

Change Type:

Feature / Infrastructure Improvement

Change Category:

Keycloak / DevOps / Security

Changelog Entry:

feat: separate keycloak config and user exports for independent backups (#304)

### How to Test
Export Test: Run bash scripts/realm_export.sh.

Verification: Check that aiod-realm.json (no users) and aiod-users.json (users included) are created in the export directory.

Import Test: Run bash scripts/realm_import_users.sh.

Verification: Ensure users are merged into the existing realm. The script uses --override false, so verify that existing users are not corrupted or overwritten.

Dry Run: Run the import script without the backup file present to verify the error handling and validation logic.

### Checklist
[x] Tests have been added or updated to reflect the changes, or their absence is explicitly explained. (Manual verification conducted in Git Bash environment).

[x] Documentation has been added or updated to reflect the changes. (Updated script logic and added inline documentation).

[x] A self-review has been conducted.

[x] All CI checks pass before pinging a reviewer.

[x] The PR title matches the changelog entry's one-line description.

Related Issues
Resolves #304

@yash-blip-ys
Copy link
Author

yash-blip-ys commented Mar 17, 2026

Hi @PGijsbers,

Following up on the concerns raised in #304, I’ve implemented this solution to decouple the realm configuration from user PII. This ensures that the team can safely share configurations while keeping user data protected and recoverable.

### Key Technical Highlights:

Idempotency: The new realm_import_users.sh uses --override false, making it safe to run multiple times without risk of data corruption or session loss.

Flexibility: Added logic to accept custom file paths while maintaining sensible defaults for the existing Docker environment.

Consistency: This is my second contribution to the project (following #699), and I’ve ensured these scripts follow the existing project structure and bash safety standards (set -euo pipefail).

Tested locally via Git Bash and ready for review. I’m excited to contribute more to the AIoD ecosystem as part of my eSOC '26 preparation!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Look into storing users separately in keycloak backup

1 participant

@yash-blip-ys