Prepare Identity for production
When moving Identity to a production environment, you should consider the following.
Keycloak dependency
As Keycloak is an external-based dependency of Identity, Camunda recommends looking at Keycloak's documentation on production configuration to ensure your Keycloak instance is production-ready.
Backing up
To ensure recovery is possible, Camunda recommends regularly backing up the database that supports Keycloak.
Helm deployment
If you deployed Camunda 8 using Camunda Helm charts, by default there will be a Postgres database deployed with it. In this case, Camunda recommends reading the Postgres documentation for guidance on backing up.
Alternative deployment
If your Keycloak service uses a different database provider than Postgres, Camunda recommends referencing the backup section of the documentation for your chosen provider and version.
Enable TLS
A safe and healthy exchange of secure data requires Transport Layer Security (TLS).
- TLS support for Identity can be enabled by setting configuration values. Refer to Spring - Configure SSL for more information.
- To enable TLS alongside Keycloak, refer to the Keycloak documentation regarding TLS enablement.
Setting Identity URL
To ensure authentication flows are successful, the IDENTITY_URL
should be set to the URL of the Identity service.