Red Hat build of Keycloak / RHBK-2647

Quarkus.properties should not use -cf or --config-file flag [GHI#35770]


      Before reporting an issue

      [X] I have read and understood the above terms for submitting issues, and I understand that my issue may be closed without action if I do not follow them.

      Area

      docs

      Describe the bug

      Issue with "Format for Raw Quarkus Properties" in Keycloak Documentation

      I recently encountered an issue related to Step 3 of the Format for raw Quarkus properties section in the Keycloak documentation.

      Problem Summary

      According to the documentation, users are to use the --config-file or -cf flag to point to a quarkus.properties file. This causes the keycloak.conf file to be ignored entirely. In this scenario, Keycloak expects configuration via environment variables or boot script arguments.

      Solution

      I discovered that omitting the --config-file flag and simply placing both keycloak.conf and quarkus.properties in the conf directory allows Keycloak to start successfully while using both files simultaneously.

      Specific Use Case

      The issue I was addressing involved supporting a keystore with separate passwords for the keystore and the key/certificate alias. This required specifying:

      • key-alias
      • key-alias-password

      These configurations were only supported within the quarkus.properties file.

      Recommendation

      It might be beneficial for Keycloak to support alias names and passwords as direct Keycloak properties.

      Configuration Example

      quarkus.properties:
      ```properties
      quarkus.http.ssl.certificate.key-store-key-alias=<alias name>
      quarkus.http.ssl.certificate.key-store-key-password=<alias password>

      quarkus.management.ssl.certificate.key-store-key-alias=<alias name>
      quarkus.management.ssl.certificate.key-store-key-password=<alias password>
      ```
      keycloak.conf:
      ```properties
      # other props above

      https-key-store-file=<path to keystore>
      https-key-store-password=<keystore pass>
      https-management-key-store-file=<path to keystore>
      https-management-key-store-password=<keystore pass>

      # other props below
      ```

      Version

      25.0.6

      Regression

      [ ] The issue is a regression

      Expected behavior

      Keycloak should use both the quarkus.properties and the keycloak.conf when starting. I might expect to update the --config-file to allow multiple config files or add a config flag specifically for the quarkus properties.

      Actual behavior

      Using the --config-file flag for the quarkus.properties overrides any settings from the keycloak.conf.

      How to Reproduce?

      1. Create a keystore; I used a PKCS12-based keystore. You can use openssl, keytool or KeyStore Explorer on Windows.
      2. Create a private key/cert to store in the keystore.
      3. Set the passwords for the keystore and the enclosed alias to be different.
      4. Add a keycloak.conf and quarkus.properties per my description above.
      5. When starting Keycloak, use the --config-file or -cf flag and point to the quarkus.properties file.

      1. Change the procedure from above (after forcing a Keycloak build) and don't use the -cf or --config-file flag this time.

      Anything else?

      no

              Unassigned Unassigned
              pvlha Pavel Vlha
              Keycloak Cloud Native
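
A pre-flight check for the layout described in this report, added here as an example (it is not part of the issue or of Keycloak): it flags a start command whose --config-file/-cf points at quarkus.properties and confirms both files sit in the conf directory. The function name check_kc_start, its return codes and the demo directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the issue or from Keycloak): pre-flight check for a
# kc.sh command line, based on the behaviour described in the report above.
# check_kc_start and its return codes are hypothetical names for this sketch.

# Usage: check_kc_start CONF_DIR [kc.sh arguments...]
#   0  both files present in CONF_DIR and no flag pointing at quarkus.properties
#   1  --config-file / -cf points at quarkus.properties
#   2  keycloak.conf or quarkus.properties is missing from CONF_DIR
check_kc_start() {
  local conf_dir="$1" cfg="" arg f
  shift
  while [ $# -gt 0 ]; do
    arg="$1"
    shift
    case "$arg" in
      --config-file=*|-cf=*) cfg="${arg#*=}" ;;
      --config-file|-cf)
        # Value passed as the next argument.
        if [ $# -gt 0 ]; then cfg="$1"; shift; fi ;;
    esac
  done

  if [ "${cfg##*/}" = "quarkus.properties" ]; then
    echo "config file is set to $cfg: per the report, keycloak.conf is then ignored" >&2
    return 1
  fi

  for f in keycloak.conf quarkus.properties; do
    if [ ! -f "$conf_dir/$f" ]; then
      echo "missing $conf_dir/$f" >&2
      return 2
    fi
  done
  return 0
}

# Constructed demo: a throwaway conf directory holding both (empty) files.
demo_conf="$(mktemp -d)"
touch "$demo_conf/keycloak.conf" "$demo_conf/quarkus.properties"
check_kc_start "$demo_conf" start && echo "ok: both files are picked up from conf/"
check_kc_start "$demo_conf" -cf "$demo_conf/quarkus.properties" start ||
  echo "rejected: drop the -cf/--config-file flag"
rm -rf "$demo_conf"
```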