This guide provides an overview of the platforms, versions, and configurations that are tested and supported for running Keycloak in production environments.
Keycloak requires a Java Virtual Machine (JVM) to run. The following Java Development Kit (JDK) versions are supported:
OpenJDK 17 (LTS)
OpenJDK 21 (LTS)
OpenJDK 25 (LTS)
| To benefit from the latest performance improvements, we suggest using the latest supported JDK version for production deployments. This is currently OpenJDK 25. |
Keycloak provides official container image that is using OpenJDK 21. Consider this when writing custom extensions. For more details on the container image, see Running Keycloak in a container.
Keycloak can be deployed in various environments:
Bare Metal / Virtual Machines - Direct installation on Linux or Windows servers
Containers - Docker, Podman
Kubernetes - OpenShift 4.18-4.21, corresponding to Kubernetes API 1.31-1.34
| Other non-OpenShift Kubernetes distributions (like Amazon EKS or Azure Kubernetes Service etc.) are supported only in a best-effort manner, i.e. support will be provided for issues that are specific to the supported Kubernetes API or OpenShift versions, but issues that are reproducible only on a particular Kubernetes distribution may not be supported. |
| The supported versions of each respective environment are limited to the versions that are currently supported by the respective vendors. For example, for OpenShift, only the versions that are currently supported by Red Hat are supported by Keycloak. |
Keycloak has built-in support for different relational databases. The following table lists the supported databases and their tested versions.
| Database | Supported Versions |
|---|---|
MariaDB Server |
11.8 (LTS), 11.4 (LTS), 10.11 (LTS), 10.6 (LTS) |
Microsoft SQL Server |
2022, 2019 |
MySQL |
8.4 (LTS), 8.0 (LTS) |
Oracle Database |
23.x (i.e 23.5+), 19c (19.3+) (Note: Oracle RAC is also supported if using the same database engine version, e.g 23.5+, 19.3+) |
PostgreSQL |
18.x, 17.x, 16.x, 15.x, 14.x |
EnterpriseDB Advanced |
18.x, 17.x |
Amazon Aurora PostgreSQL |
17.x, 16.x, 15.x |
Azure SQL Database |
latest |
Azure SQL Managed Instance |
latest |
For details on configuring a supported database, see Configuring the database guide.
The Keycloak UI including login pages, Admin Console and Account Console are supported with the following browsers:
| Browser | Supported Versions |
|---|---|
Google Chrome |
Latest stable version |
Mozilla Firefox |
Latest stable version |
Microsoft Edge |
Latest stable version |
Apple Safari |
Latest stable version |
| Both desktop and mobile versions of the browsers are supported. |
| The Admin Console and Account Console require JavaScript to be enabled. Browsers must support modern web standards including ES6+, WebAuthn, and Web Crypto API for full functionality. |
Keycloak supports clustering for high availability and scalability using external Infinispan 16.0.8. For details, visit the High availability overview.
The hardware requirements for running Keycloak depend on the expected load and deployment environment. Consult the High availability overview for recommendations on hardware sizing for different deployment scenarios.