Keycloak, the open source software for identity and access management (IAM) with single sign-on, is joining the Cloud Native Computing Foundation (CNCF) as a new incubating project. The IAM tool, previously supported primarily by Red Hat, was recently refactored extensively and migrated from Red Hat’s application server WildFly to a Quarkus-based operator, which, among other things, simplifies installation in Kubernetes environments. With the participation of the CNCF community, Keycloak is set to mature into a cloud-native tool that also contributes to higher API security.
More security for APIs and for identity and access management
Originally developed in 2014 by Red Hat engineers Bill Burke and Stian Thorgersen, the IAM tool has established itself in the open source community, as some of the project’s metrics make clear, including more than 15,000 stars on GitHub and, according to the CNCF announcement, 150,000 monthly visitors to the keycloak.org website at the end of 2022. Keycloak also has a permanent place in identity and access management in many companies.
To integrate the IAM tool more closely into the cloud-native ecosystem around Kubernetes, the Keycloak development team initiated a comprehensive refactoring. As part of this work, the Kubernetes operator, among other things, was migrated to a Quarkus base. This conversion has been considered complete since the release of Keycloak 20 at the end of last year. “The new Quarkus distribution in Keycloak offers a significantly improved configuration experience and reduces startup time, memory footprint and the number of dependencies,” commented Thorgersen, Red Hat project lead for Keycloak.
The next step for the team is to focus on usability improvements. As a containerized IAM service, Keycloak can already be installed quickly and made ready for use via Kubernetes, but provisioning and operation, especially in larger environments, should become even easier in the future and follow cloud-native practices.
Benefit from the cloud-native ecosystem
Now that the CNCF Technical Oversight Committee (TOC) has officially raised Keycloak to the status of an incubating project of the organization, the further development of the IAM tool should benefit from the expertise and commitment of the cloud-native community, a hope shared not only by Keycloak maintainer Takashi Norimatsu of the user company Hitachi. The already close integration with CNCF projects such as Prometheus, Argo, Envoy, Jaeger and Kubernetes gives Keycloak a good starting position.
Further information on the plans of those responsible can be found in the CNCF announcement and on the project website, where Keycloak is currently available in version 21.0.2.