Deploy keycloak
Railway template for keycloak
keycloak
Just deployed
Deploy and Host Keycloak on Railway
Keycloak is an open-source identity and access management (IAM) solution developed by Red Hat. It provides single sign-on (SSO), social login, OIDC/OAuth 2.0/SAML authentication, and centralized user management — all in a single Docker container on Railway.
About Hosting
Keycloak gives you enterprise-grade authentication without the complexity of managing a dedicated identity infrastructure:
- Single Sign-On — authenticate once across all your applications
- Protocol Support — OIDC, OAuth 2.0, SAML 2.0, and LDAP integration
- Social Login — built-in support for Google, GitHub, Facebook, and more
- User Federation — sync users from LDAP/Active Directory
- Centralized Management — admin console for users, roles, and permissions
- Railway-native — one-click deploy with auto-generated secrets and PostgreSQL companion
Deploying on Railway means automatic HTTPS, zero-config storage via volume mounts, and a PostgreSQL database provisioned alongside Keycloak — no infrastructure setup required.
Why Deploy Keycloak
- Free & Open Source — Apache 2.0 license, no licensing costs
- Production-Ready — used by enterprises worldwide, backed by Red Hat
- Self-Hosted — your data stays on your infrastructure, no third-party dependency
- Extensible — custom authenticators, event listeners, and themes
- Automatic Secrets — admin passwords and DB credentials are auto-generated by Railway on deploy
Common Use Cases
- Internal App Authentication — secure your company's internal tools with a single login portal
- B2B SaaS Identity — offer SSO and SAML/OIDC to your enterprise customers
- API Security — protect REST APIs with OAuth 2.0 access tokens and PKCE flows
- Multi-App Ecosystem — unify authentication across microservices with a shared identity provider
Dependencies for Running This Template
- A Railway account at https://railway.app
- PostgreSQL companion database (auto-add from the Railway dashboard)
Keycloak is pre-configured to use DB_TYPE=postgres by default, with auto-generated credentials for the admin user and database connection. No additional infrastructure needed.
Deployment Dependencies
To deploy Keycloak on Railway, you need:
- A Railway account at https://railway.app
- PostgreSQL companion database (provisioned automatically via the Railway dashboard)
- A domain or Railway-provided URL for public access
All database credentials and admin secrets are auto-generated by Railway on first deploy — no manual configuration required.
Configuration
The following environment variables can be configured via Railway dashboard or .env:
| Variable | Default | Description |
|---|---|---|
DB_TYPE | postgres | Database engine: postgres for production, sqlite for local dev |
PG_HOSTNAME | localhost | PostgreSQL server hostname (internal to the Railway network) |
PG_PORT | 5432 | Port the PostgreSQL server is listening on |
PG_DATABASE | keycloak | Name of the PostgreSQL database to connect to |
PG_USERNAME | keycloak | Username for the PostgreSQL database connection |
PG_PASSWORD | (auto-generated) | Password for the PostgreSQL database user |
KEYCLOAK_ADMIN_USERNAME | admin | Keycloak admin username (used only on first startup) |
KEYCLOAK_ADMIN_PASSWORD | (auto-generated) | Keycloak admin password (used only on first startup) |
KC_PROXY | edge | Proxy mode: edge, passthrough, or reencrypt |
KC_HTTP_ENABLED | false | Enable plain HTTP listener alongside HTTPS |
KEYCLOAK_HOSTNAME | localhost | Public hostname URL Keycloak generates links with |
PORT | 8080 | Port the service listens on inside the container |
Secrets marked (auto-generated) use Railway's ${{secret(32)}} and are automatically populated on first deploy. You can update them later if needed.
Template Content
keycloak
INAPP-Mobile/keycloak