Home
Utilities
Application Utilities
User Management and Authentication

Keycloak vs Vault

Need advice about which tool to choose?Ask the StackShare community!

Keycloak
627
1.2K
+ 1
96
Vault
760
760
+ 1
69
Add tool
Advice on Keycloak and Vault
sindhujasrivastava
| 4 upvotes · 184.6K views
Needs advice
on
KeycloakKeycloakOktaOkta
and
Spring SecuritySpring Security

I am working on building a platform in my company that will provide a single sign on to all of the internal products to the customer. To do that we need to build an Authorisation server to comply with the OIDC protocol. Earlier we had built the Auth server using the Spring Security OAuth project but since in Spring Security 5.x it is no longer supported we are planning to get over with it as well. Below are the 2 options that I was considering to replace the Spring Auth Server. 1. Keycloak 2. Okta 3. Auth0 Please advise which one to use.

See more
Replies (3)
Luca Ferrari
Solution Architect at Red Hat, Inc. · | 5 upvotes · 162.3K views
Recommends
on
KeycloakKeycloak

It isn't clear if beside the AuthZ requirement you had others, but given the scenario you described my suggestion would for you to go with Keycloak. First of all because you have already an onpremise IdP and with Keycloak you could maintain that setup (if privacy is a concern). Another important point is configuration and customization: I would assume with Spring OAuth you might have had some custom logic around authentication, this can be easily reconfigured in Keycloak by leveraging SPI (https://www.keycloak.org/docs/latest/server_development/index.html#_auth_spi). Finally AuthZ as a functionality is well developed, based on standard protocols and extensible on Keycloak (https://www.keycloak.org/docs/latest/authorization_services/)

See more
Sandor Racz
Chief Architect · | 2 upvotes · 144.3K views
Recommends
on
KeycloakKeycloak

We have good experience using Keycloak for SSO with OIDC with our Spring Boot based applications. It's free, easy to install and configure, extensible - so I recommend it.

See more
Lukas Marschall
| 2 upvotes · 102K views
Recommends
on
KeycloakKeycloak

You can also use Keycloak as an Identity Broker, which enables you to handle authentication on many different identity providers of your customers. With this setup, you are able to perform authorization tasks centralized.

See more
Get Advice from developers at your company using StackShare Enterprise. Sign up for StackShare Enterprise.
Learn More
Pros of Keycloak
Pros of Vault
  • 32
    It's a open source solution
  • 23
    Supports multiple identity provider
  • 16
    OpenID and SAML support
  • 11
    Easy customisation
  • 9
    JSON web token
  • 5
    Maintained by devs at Redhat
  • 16
    Secure
  • 12
    Variety of Secret Backends
  • 11
    Very easy to set up and use
  • 8
    Dynamic secret generation
  • 5
    AuditLog
  • 3
    Leasing and Renewal
  • 3
    Privilege Access Management
  • 2
    Variety of Auth Backends
  • 2
    Easy to integrate with
  • 2
    Open Source
  • 2
    Consol integration
  • 2
    Handles secret sprawl
  • 1
    Multicloud

Sign up to add or upvote prosMake informed product decisions

Cons of Keycloak
Cons of Vault
  • 7
    Okta
  • 6
    Poor client side documentation
  • 5
    Lack of Code examples for client side
    Be the first to leave a con

    Sign up to add or upvote consMake informed product decisions

    - No public GitHub repository available -

    What is Keycloak?

    It is an Open Source Identity and Access Management For Modern Applications and Services. It adds authentication to applications and secure services with minimum fuss. No need to deal with storing users or authenticating users. It's all available out of the box.

    What is Vault?

    Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

    Need advice about which tool to choose?Ask the StackShare community!

    Jobs that mention Keycloak and Vault as a desired skillset
    Staff Software Engineer, Ads ML Infrastructure
    Pinterest
    Palo Alto, CA, US; , CA, US
    View Job Details
    InfraDreamSimple+7
    Machine Learning Engineer, Ads Quality Tech Lead
    Pinterest
    San Francisco, CA, US; , CA, US
    View Job Details
    InfraDreamHadoop+5
    Machine Learning Engineer, Ads Quality TL
    Pinterest
    San Francisco, CA, US; , CA, US
    View Job Details
    InfraDreamHadoop+5
    Senior Backend Engineer, Core & Monetization
    Pinterest
    San Francisco, CA, US; , CA, US
    View Job Details
    InfraDream+2
    Backend Engineer, Core & Monetization
    Pinterest
    San Francisco, CA, US; , CA, US
    View Job Details
    InfraDream+2
    Software Engineer, Ads ML Infrastructure
    Pinterest
    Palo Alto, CA, US; , CA, US
    View Job Details
    InfraDreamSimple+7
    Software Engineer, Ads ML Infrastructure
    Pinterest
    Seattle, WA, US; , WA, US
    View Job Details
    InfraDreamSimple+7
    Sr Digital & Tech Manager
    CBRE
    United States of America Texas Richardson
    View Job Details
    TierWarrantLINE+14
    What companies use Keycloak?
    What companies use Vault?
    See which teams inside your own company are using Keycloak or Vault.
    Sign up for StackShare EnterpriseLearn More

    Sign up to get full access to all the companiesMake informed product decisions

    What tools integrate with Keycloak?
    What tools integrate with Vault?

    Sign up to get full access to all the tool integrationsMake informed product decisions

    Blog Posts

    Transforming the Management of Application Configurations &...
    Dec 10 2019 at 8:35AM

    HashiCorp

    JavaGitLabJenkins+7
    5
    1619
    What are some alternatives to Keycloak and Vault?
    Auth0
    A set of unified APIs and tools that instantly enables Single Sign On and user management to all your applications.
    Okta
    Connect all your apps in days, not months, with instant access to thousands of pre-built integrations - even add apps to the network yourself. Integrations are easy to set up, constantly monitored, proactively repaired and handle authentication and provisioning.
    FreeIPA
    FreeIPA is an integrated Identity and Authentication solution for Linux/UNIX networked environments. A FreeIPA server provides centralized authentication, authorization and account information by storing data about user, groups, hosts and other objects necessary to manage the security aspects of a network of computers.
    Dex
    Dex is a personal CRM that helps you build stronger relationships. Remember where you left off, keep in touch, and be more thoughtful -- all in one place.
    JSON Web Token
    JSON Web Token is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.
    See all alternatives

    Related Comparisons

    Keywhiz vs VaultDocker Secrets vs Torus CLI vs VaultAWS Secrets Manager vs VaultConfidant vs Torus CLI vs VaultTorus CLI vs Vault

    Trending Comparisons

    Django vs Laravel vs Node.jsBootstrap vs Foundation vs Material-UINode.js vs Spring BootFlyway vs LiquibaseAWS CodeCommit vs Bitbucket vs GitHub

    Top Comparisons

    Bitbucket vs GitHub vs GitLabBootstrap vs MaterializeHipChat vs Mattermost vs SlackPostman vs Swagger UI