[keycloak-user] Best practices for building appliances

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, In our project, we plan to have a distribution where we ship our application with a Wildfly bundled, a la Keycloak Appliance. My main concern is shipping our distribution with a default pair of realm keys or with a pre-filled database. I know it's possible to import a realm on the first boot and KC will generate the required keys if they are missing from the imported JSON template, but as we are shipping our own WAR, we would need to get the public key into our application's keycloak.json (or subsystem) before it gets deployed. I wonder if this is a common situation and what would be the best practices for such case. I think Stian mentioned before that a future version of KC would allow auto registration of applications, but until that is available, I'd be interested in hearing your experiences about it. Another situation is for a contributor of the project or for users who would want to build from the source: what would be the best practice for generating new keys at each build? If there's no easy solution for that now, I'd be interested in building a "keycloak-cli" utility that would generate realm and application JSON files, possibly with a Maven plugin wrapper to make it easier to consume from maven projects. Would something like that be interesting for the project? Best, Juca.