Keycloak lost admin password

Question

I have a local test installation of keycloak 12 and unfortunately I've lost the admin password, any idea on how to reset it or reset the keycloak configuration without losing the realms ?

I already used add-user cli command to add a user but even with that one I can't access

Answer 1

If you are using Keycloak Docker image, you can get admin crendential using docker inspect:

docker inspect <keycloak_container_id>

then search for Config > Env, you will find KEYCLOAK_USER and KEYCLOAK_PASSWORD.

Answer 2

The Keycloak's admin user is created only during the first initialization of the container image. Once it's created, the environment variable KEYCLOAK_PASSWORD has no effect. When restarting the pod you can see in the initialization logs:

16:16:35,881 WARN  [org.keycloak.services] (ServerService Thread Pool -- 62) KC-SERVICES0104: Not creating user admin. It already exists.

To create a new admin user you should delete the current one in the database. Or just change the admin username to admin_bkp if you prefer. After this, just restart the container and the admin user is created again.

Connect to the database

$ kubectl exec -it keycloak-database-bd94f668c-rvmbt -- bashbash-5.1$ psql $ keycloak -U postgre -W

Delete or update the current admin user:

psql (12.10)
Type "help" for help.
keycloak=# update  user_entity set "username"='admin_bkp' where "username"='admin';
UPDATE 1

Delete the application pod

$ kubectl delete pod keycloak-database-bd94f668c-rvmbt

Now you should be able to log in using the admin user passed through the environment variables KEYCLOAK_USER and KEYCLOAK_PASSWORD