Free Generator

Keycloak Config Generator

Generate production-ready Keycloak realm JSON configurations. Build realms, clients, and roles through an intuitive wizard.

Valid Keycloak 22+ JSON No Signup Required Download or Copy
1 Realm
2 Clients
3 Roles
4 Export

Realm Configuration

Configure your Keycloak realm basics. A realm manages a set of users, credentials, roles, and groups.

Lowercase letters, numbers, and hyphens only

Client Applications

Add client applications that will authenticate against this realm.

Realm Roles

Define roles that can be assigned to users in this realm.

Export Configuration

Your Keycloak realm configuration is ready. Download or copy the JSON.

JSON 

					


					

						
					


					

						
How to Import

						
    
							
  1. Open Keycloak Admin Console
    2. 
							
  2. Click "Create Realm" in the dropdown
    3. 
							
  3. Click "Browse" and select your downloaded file
    4. 
							
  4. Click "Create"
    5. 
						

					

				


				
				

					
					
				

			

		

	


	
	

	
	

		

			
Skip the Ops Burden

			
Skycloak runs and manages Keycloak for you. Get all the power of Keycloak without the infrastructure headaches.

			
				Start Free Trial
				
					
					
				
			
		

	


	
	

		

			

				

					
						
							
							
							
						
					
					Keycloak Realm Best Practices
				

				

					
    
						
  • One Realm Per Tenant: For multi-tenant SaaS, consider separate realms or use Keycloak organizations
    • 
						
  • Meaningful Names: Use lowercase, hyphenated names (e.g., my-app-prod)
    • 
						
  • Session Timeouts: Balance security (shorter) vs UX (longer). 30min idle, 10hr max is common
    • 
						
  • Email Verification: Enable for production to ensure valid user emails
    • 
					

				

			


			

				

					
						
							
							
							
							
						
					
					Client Types Explained
				

				

					
    
						
  • Public: For SPAs, mobile apps, and native apps where the client secret cannot be safely stored
    • 
						
  • Confidential: For server-side applications that can securely store a client secret
    • 
						
  • Bearer Only: For APIs that only validate tokens and never initiate login flows
    • 
					

					
Most modern web apps use a Public client with PKCE for the frontend and a Confidential client for the backend API.

				

			


			

				

					
						
							
						
					
					Role-Based Access Control
				

				

					
Realm Roles are global to the realm and can be assigned to any user. Common examples: admin, user, moderator.

					
Client Roles are scoped to a specific client application. Useful for application-specific permissions like billing:read, billing:write.

					
Composite Roles can contain other roles. Example: super-admin includes both admin and billing-admin.

				

			


			

				

					
						
							
							
						
					
					Importing Your Realm
				

				

					
Via Admin Console: Master realm > Create Realm > Browse > Select JSON file

					
Via Docker:

					
docker run -v ./realm.json:/opt/keycloak/data/import/realm.json \
  quay.io/keycloak/keycloak start-dev \
  --import-realm

					
Via Kubernetes: Mount the realm JSON as a ConfigMap and use the import flag.

				

			

		

	


	
	

		

			
More Developer Tools

			

				
					

						
							
							
						
					

					
Pricing Calculator

					
Estimate your cost with clusters, domains, and add-ons.

				

				
					

						
							
							
							
						
					

					
SAML Decoder

					
Decode and inspect SAML requests and responses.

				

				
					

						
							
							
						
					

					
JWT Decoder

					
Decode, verify, and inspect JSON Web Tokens.

				

				
					

						
							
							
							
							
						
					

					
SCIM Tester

					
Build and validate SCIM provisioning requests.

				

				
					

						
							
							
						
					

					
ROI Calculator

					
Calculate potential savings with managed identity.

				

				
					

						
							
							
							
							
						
					

					
Docker Compose Generator

					
Generate Docker Compose files for Keycloak deployments.

				
			

		

	














© 2026 All Rights Reserved. Made by Yasser