Re: [keycloak-dev] realm import/upload implemented

From: "Bill Burke" <bburke(a)redhat.com&gt; To: "Stian Thorgersen" <stian(a)redhat.com&gt; Cc: keycloak-dev(a)lists.jboss.org Sent: Thursday, 19 December, 2013 3:49:00 PM Subject: Re: [keycloak-dev] realm import/upload implemented Ya, i was talking solely about private keys and credentials. I think a "full" export might also be needed for migration. For example if the persistence model changes between Keycloak 1.0 and Keycloak 2.0 or users want to completely change their backend database type, i.e. RDBMS - Mongo.

On 12/19/2013 10:41 AM, Stian Thorgersen wrote: > If someone can access the REST endpoints they can quite easily do an > "export" themselves. > > What should not be exposed through the REST endpoints is the private key or > any credentials. So an export will not work fully. Export/import would > require re-generating keys + resetting all user/app/client passwords. Even > hashed passwords can be cracked so we shouldn't have a REST endpoint > exposing them.. > > ----- Original Message ----- >> From: "Bill Burke" <bburke(a)redhat.com&gt; >> To: keycloak-dev(a)lists.jboss.org >> Sent: Thursday, 19 December, 2013 2:14:15 PM >> Subject: Re: [keycloak-dev] realm import/upload implemented >> >> >> >> On 12/19/2013 3:42 AM, Stian Thorgersen wrote: >>> >>> >>> ----- Original Message ----- >>>> From: "Marek Posolda" <mposolda(a)redhat.com&gt; >>>> To: "Gabriel Cardoso" <gcardoso(a)redhat.com&gt; >>>> Cc: keycloak-dev(a)lists.jboss.org >>>> Sent: Thursday, 19 December, 2013 5:50:57 AM >>>> Subject: Re: [keycloak-dev] realm import/upload implemented >>>> >>>> I wonder if we also want to support export existing realms to JSON file >>>> in >>>> admin console? Might be useful especially for migration between >>>> environments >>>> (from stage to production etc) >>> >>> +1 >>> >> >> I thought about this long ago, that any export facility should only be >> available locally and not remotely. Maybe I'm just overparanoid? >> >> Bill >> >> >> -- >> Bill Burke >> JBoss, a division of Red Hat >> http://bill.burkecentral.com >> _______________________________________________ >> keycloak-dev mailing list >> keycloak-dev(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-dev >> -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com