[keycloak-dev] realm import/upload implemented
Bill Burke
bburke at redhat.com
Thu Dec 19 10:49:00 EST 2013
Ya, i was talking solely about private keys and credentials.
I think a "full" export might also be needed for migration. For example
if the persistence model changes between Keycloak 1.0 and Keycloak 2.0
or users want to completely change their backend database type, i.e.
RDBMS - Mongo.
On 12/19/2013 10:41 AM, Stian Thorgersen wrote:
> If someone can access the REST endpoints they can quite easily do an "export" themselves.
>
> What should not be exposed through the REST endpoints is the private key or any credentials. So an export will not work fully. Export/import would require re-generating keys + resetting all user/app/client passwords. Even hashed passwords can be cracked so we shouldn't have a REST endpoint exposing them..
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Thursday, 19 December, 2013 2:14:15 PM
>> Subject: Re: [keycloak-dev] realm import/upload implemented
>>
>>
>>
>> On 12/19/2013 3:42 AM, Stian Thorgersen wrote:
>>>
>>>
>>> ----- Original Message -----
>>>> From: "Marek Posolda" <mposolda at redhat.com>
>>>> To: "Gabriel Cardoso" <gcardoso at redhat.com>
>>>> Cc: keycloak-dev at lists.jboss.org
>>>> Sent: Thursday, 19 December, 2013 5:50:57 AM
>>>> Subject: Re: [keycloak-dev] realm import/upload implemented
>>>>
>>>> I wonder if we also want to support export existing realms to JSON file in
>>>> admin console? Might be useful especially for migration between
>>>> environments
>>>> (from stage to production etc)
>>>
>>> +1
>>>
>>
>> I thought about this long ago, that any export facility should only be
>> available locally and not remotely. Maybe I'm just overparanoid?
>>
>> Bill
>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list