Member-only story
Configuring MinIO Authentication Using Keycloak with Docker Compose
MinIO is a high-performance, S3-compatible object storage system, widely used for self-hosted data infrastructure. While MinIO supports various identity providers through OpenID Connect (OIDC), integrating it with Keycloak, an open-source identity and access management solution, provides a powerful, centralized way to manage user access and authentication.This article demonstrates how to deploy Keycloak and MinIO using Docker Compose, and configure MinIO to authenticate users via Keycloak. This approach allows seamless identity federation, fine-grained access control, and improved security practices.
Part 1: Deploying Keycloak with Docker Compose
We begin by setting up a basic Keycloak environment using Docker Compose. This includes a Keycloak container, a backing PostgreSQL database, and environment variables required for bootstrapping.
Docker Compose File for Keycloak:
services:
db:
image: postgres:latest
environment:
POSTGRES_DB: postgres
POSTGRES_USER: admin
POSTGRES_PASSWORD: admin
ports:
- "5432:5432"
networks:
- kc_network
keycloak:
image: quay.io/keycloak/keycloak:latest
environment:
KC_HOSTNAME: kc.example.com #<---- Change this according to your environment
KC_HOSTNAME_PORT: 8080
KC_HOSTNAME_STRICT_BACKCHANNEL: "true"
KEYCLOAK_ADMIN: admin
KEYCLOAK_ADMIN_PASSWORD: admin
KC_HEALTH_ENABLED: "true"
KC_LOG_LEVEL: info
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
interval: 15s
timeout: 2s
retries: 15
command: ["start-dev", "--http-port", "8080", "--https-port", "8443", "--import-realm"]
volumes: # Ignore if you don't have realm-export.json to migrate data
- ../keycloak/realm-export.json:/opt/keycloak/data/import/realm-export.json
ports:
- "8080:8080"
- "8443:8443"
networks:
- kc_network
networks:
kc_network:
driver: bridgeBring up both services:
docker-compose up -d
then Visit Keycloak at http://kc.example.com:8080 (or your mapped host/port).
- Login with the initial admin credentials set via…
