From 69016e588534e55fcbd0987ad004cd26bda5c429 Mon Sep 17 00:00:00 2001 From: Peter Zaoral Date: Tue, 23 Jul 2024 12:50:22 +0200 Subject: [PATCH] Added section about start command bootstrapping options Signed-off-by: Peter Zaoral --- docs/guides/server/bootstrap-admin-recovery.adoc | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/guides/server/bootstrap-admin-recovery.adoc b/docs/guides/server/bootstrap-admin-recovery.adoc index 2cdf80102f40..60933bc197bd 100644 --- a/docs/guides/server/bootstrap-admin-recovery.adoc +++ b/docs/guides/server/bootstrap-admin-recovery.adoc @@ -10,6 +10,16 @@ summary="Learn how to bootstrap and recover admin account."> A user account created using one of the methods described below is *temporary*. This means the account should exist only for the duration necessary to perform operations needed to gain permanent and more secure admin access. Various UI/UX elements, such as the Administration Console warning banner, labels, and log messages, will indicate to a {project_name} administrator that the account is temporary. +== Bootstrapping a temporary admin account at {project_name} startup + +{project_name} `start` and `start-dev` commands support options for bootstrapping both temporary admin users and admin service accounts. These options are standard configuration options, so they can be specified in any of the https://www.keycloak.org/server/configuration#_configuring_sources_for_keycloak[configuration sources]. For instance, the following examples demonstrate how to use the `start` and `start-dev` commands with CLI parameters to bootstrap a temporary admin user and an admin service account, respectively: + +<@kc.start parameters="--bootstrap-admin-username tmpadm --bootstrap-admin-password pass"/> + +<@kc.startdev parameters="--bootstrap-admin-client-id tmpadm --bootstrap-admin-client-secret secret"/> + +The purpose of these options is solely for bootstrapping temporary admin accounts. The accounts are always created in the master realm. For recovering lost admin access, use the dedicated command described in the sections below. + == Bootstrapping an admin user using a dedicated command To create a temporary admin user, execute the following command: