Keycloak BCrypt
July 21, 2025 ยท View on GitHub
Add a password hash provider to handle BCrypt passwords inside Keycloak.
Build JAR
./gradlew assemble -Pdependency.keycloak.version=${KEYCLOAK_VERSION}
Build Docker image
docker build \
--build-arg keycloak_version=${KEYCLOAK_VERSION} \
-t gleroy/keycloak-bcrypt \
.
Test with docker-compose
docker-compose up -d
Install
>= 17.0.0
curl -L https://github.com/leroyguillaume/keycloak-bcrypt/releases/download/v${KEYCLOAK_BCRYPT_VERSION}/keycloak-bcrypt-${KEYCLOAK_BCRYPT_VERSION}.jar > ${KEYCLOAK_HOME}/providers/keycloak-bcrypt-${KEYCLOAK_BCRYPT_VERSION}.jar
You need to restart Keycloak.
< 17.0.0
curl -L https://github.com/leroyguillaume/keycloak-bcrypt/releases/download/v${KEYCLOAK_BCRYPT_VERSION}/keycloak-bcrypt-${KEYCLOAK_BCRYPT_VERSION}.jar > ${KEYCLOAK_HOME}/standalone/deployments/keycloak-bcrypt-${KEYCLOAK_BCRYPT_VERSION}.jar
You need to restart Keycloak.
Run with Docker
docker run \
-e KEYCLOAK_ADMIN=${KEYCLOAK_ADMIN} \
-e KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD} \
-e KC_HOSTNAME=${KC_HOSTNAME} \
gleroy/keycloak-bcrypt \
start
The image is based on Keycloak official one.
How to use
Go to Authentication / Policies / Password policy and add hashing algorithm policy with value bcrypt.
To test if installation works, create new user and set its credentials.