Version: 8.7

Prepare Identity for production

When moving Identity to a production environment, you should consider the following.

Keycloak dependency

As Keycloak is an external-based dependency of Identity, Camunda recommends looking at Keycloak's documentation on production configuration to ensure your Keycloak instance is production-ready.

Backing up

To ensure recovery is possible, Camunda recommends regularly backing up the database that supports Keycloak.

Helm deployment

If you deployed Camunda 8 using Camunda Helm charts, by default there will be a Postgres database deployed with it. In this case, Camunda recommends reading the Postgres documentation for guidance on backing up.

Alternative deployment

If your Keycloak service uses a different database provider than Postgres, Camunda recommends referencing the backup section of the documentation for your chosen provider and version.

Enable TLS

A safe and healthy exchange of secure data requires Transport Layer Security (TLS).

TLS support for Identity can be enabled by setting configuration values. Refer to Spring - Configure SSL for more information.
To enable TLS alongside Keycloak, refer to the Keycloak documentation regarding TLS enablement.

Setting Identity URL

To ensure authentication flows are successful, the IDENTITY_URL should be set to the URL of the Identity service.

Keycloak dependency​

Backing up​

Helm deployment​

Alternative deployment​

Enable TLS​

Setting Identity URL​