Docker images for KeyCloak

The documentation below describes KeyCloak, which implements RapidMiner's Identity and Security. This is a component consisting of the following Docker images:

You can read a description for each container below.

These containers are only functional when deployed together, they will not function as intended individually. Check our deployment templates to see how these should be deployed.

KeyCloak Database

This container implements a Postgres database which serves as the configuration store for the KeyCloak backend. This is a standard PostgreSQL docker image.


  • Volumes
    • keycloak-postgresql-vol: docker volume to persist the database data, maps internally to /var/lib/postgresql/data
  • Ports: none.
  • Environment variables:
    • POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD: credentials and database name where the KeyCloak data will be stored. The same values should be provided for the KeyCloak Service container.

KeyCloak Service

This container contains a pre-configured, hardened KeyCloak identity and access management engine. It contains all the definitions needed so that all components of the RapidMiner Platform can implement a single sign-on experience. Please read through our security overview for more information.

For available versions, please see the tags on Docker Hub.


  • Volumes: none.
  • Environment variables:
    • DB_VENDOR: defaults to POSTGRES. Should not be changed unless a custom KeyCloak deployment needs to be integrated.
    • DB_ADDR: (internal) address of the KeyCloak database.
    • DB_DATABASE, DB_SCHEMA: database and schema used for the identity store. Should not be modified.
    • DB_USER, DB_PASSWORD: username and password used to access the KeyCloak database.
    • KEYCLOAK_USER, KEYCLOAK_PASSWORD: initial username and password that will be provisioned as the administrator user. Username defaults to admin, password is either changeit on local deployments, or the VM instance ID in case of cloud image deployments.
    • PROXY_ADDRESS_FORWARDING: controls proxy address forwarding. Defaults to true. Should not be changed.
    • KEYCLOAK_LOGLEVEL, ROOT_LOGLEVEL: not set by default, used for debugging purposes. Set both variables to DEBUG to enable debug logging.