Ya, I was talking solely about private keys and credentials.
I think a "full" export might also be needed for migration. For example
if the persistence model changes between Keycloak 1.0 and Keycloak 2.0
or users want to completely change their backend database type, i.e.
RDBMS - Mongo.
On 12/19/2013 10:41 AM, Stian Thorgersen wrote:
If someone can access the REST endpoints they can quite easily do an
"export" themselves.
What should not be exposed through the REST endpoints is the private key or any
credentials. So an export will not work fully. Export/import would require re-generating
keys + resetting all user/app/client passwords. Even hashed passwords can be cracked so we
shouldn't have a REST endpoint exposing them.
----- Original Message -----
> From: "Bill Burke" <bburke(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Thursday, 19 December, 2013 2:14:15 PM
> Subject: Re: [keycloak-dev] realm import/upload implemented
>
>
>
> On 12/19/2013 3:42 AM, Stian Thorgersen wrote:
>>
>>
>> ----- Original Message -----
>>> From: "Marek Posolda" <mposolda(a)redhat.com>
>>> To: "Gabriel Cardoso" <gcardoso(a)redhat.com>
>>> Cc: keycloak-dev(a)lists.jboss.org
>>> Sent: Thursday, 19 December, 2013 5:50:57 AM
>>> Subject: Re: [keycloak-dev] realm import/upload implemented
>>>
>>> I wonder if we also want to support exporting existing realms to a JSON file in
>>> admin console? Might be useful especially for migration between
>>> environments
>>> (from stage to production etc)
>>
>> +1
>>
>
> I thought about this long ago, that any export facility should only be
> available locally and not remotely. Maybe I'm just overparanoid?
>
> Bill
>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com