If you are using PostgreSQL for Keycloak, you can obtain the realm private key as follows:
If you are using the Bitnami Keycloak Helm Chart, first access the database pod. For any other type of installation, skip this step:
kubectl -n keycloak exec -ti keycloak-postgresql-0 -- bash
Then, connect to the database using psql:
PAGER='' PGPASSWORD=passWORD psql -h keycloak-postgresql-0 -p 5432 \
  -U bn_keycloak -d bitnami_keycloak -t
bitnami_keycloak=>
Once connected, execute the following query (replace tenant with your realm name):
SELECT CC.VALUE
FROM COMPONENT_CONFIG CC
INNER JOIN COMPONENT C ON CC.COMPONENT_ID = C.ID
INNER JOIN REALM R ON C.REALM_ID = R.ID
WHERE R.NAME = 'tenant' AND C.NAME = 'rsa-generated' AND CC.name = 'privateKey';
You will receive the private key without the header/trailer, so store the key in a file (e.g. tenant.key) in this format:
-----BEGIN RSA PRIVATE KEY-----
[VALUE OBTAINED FROM DB]
-----END RSA PRIVATE KEY-----
Finally, validate the key using openssl like this:
$ openssl rsa -check -in tenant.key
RSA key ok
writing RSA key
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
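The file-creation step above can be scripted so the key is never left world-readable. This is an added example, not part of the original page: it wraps the value returned by the query in the header/trailer, folds it to 64-character lines, and writes the file with owner-only permissions. The function names and value.txt are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the original page.

# Read the value returned by the query on stdin, print a PEM document.
# psql -t pads the value with whitespace, so all whitespace is removed
# before folding to the conventional 64 characters per line.
pem_wrap_rsa_key() {
    b64=$(tr -d '[:space:]')
    # Reject empty input and anything outside the base64 alphabet, such as
    # an error message captured instead of the key.
    case "$b64" in
        ''|*[!A-Za-z0-9+/=]*)
            echo "input is not a base64 value" >&2
            return 1 ;;
    esac
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----'
    printf '%s\n' "$b64" | fold -w 64
    printf '%s\n' '-----END RSA PRIVATE KEY-----'
}

# Write the PEM to a file readable only by the current user.
# The umask change is confined to a subshell; chmod covers the case
# where the file already existed with wider permissions.
write_key_file() {
    key_file=$1
    (
        umask 077
        pem=$(pem_wrap_rsa_key) || exit 1
        printf '%s\n' "$pem" > "$key_file"
        chmod 600 "$key_file"
    )
}

# Usage, after pasting the query result into value.txt:
#   write_key_file tenant.key < value.txt
#   openssl rsa -check -noout -in tenant.key
```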