stack keys

Fetch JWKs and client secrets from Keycloak and write them to postkit.secrets.json.

Usage

postkit stack keys                        # Fetch and write keys
postkit stack keys --restart              # Fetch + restart PostgREST
postkit stack keys --clients "app,admin"  # Fetch keys for specific clients only

Options

| Option | Description |
|---|---|
| --restart | Restart PostgREST after updating secrets with new JWKs |
| --clients <names> | Comma-separated client names to fetch (overrides stack.keycloak.clients in config) |

What It Does

  1. Fetches public JWKs from Keycloak's JWKS endpoint
  2. Fetches client secrets for configured clients
  3. Writes the merged result to postkit.secrets.json under stack.jwks and stack.clients
  4. If --restart: regenerates the compose file with updated JWT config and restarts PostgREST

This command is run automatically during stack up Phase 4 (first run). Use it manually to refresh keys without restarting the whole stack.
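
Because the command merges public JWKs and client secrets into one file, a check like the following can be run on the result. This is an added example, not part of postkit: it flags group/other file access, private key members in the stored JWKs, and empty client secrets. The layout of stack.jwks (a JWK Set or a bare list) and stack.clients (a name-to-secret map) is an assumption, as are the function names.

```python
import json
import os
import stat
import tempfile

# JWK members that carry private or symmetric key material (RFC 7518, section 6).
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def audit_secrets_file(path):
    """Return a list of findings for a postkit.secrets.json-style file."""
    findings = []

    # Client secrets live in this file, so group/other access is a finding.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} grants group/other access")

    with open(path, encoding="utf-8") as fh:
        stack = json.load(fh).get("stack", {})

    # Assumed layout: stack.jwks is a JWK Set ({"keys": [...]}) or a bare list.
    jwks = stack.get("jwks", [])
    keys = jwks.get("keys", []) if isinstance(jwks, dict) else jwks
    for jwk in keys:
        leaked = sorted(PRIVATE_JWK_MEMBERS & set(jwk))
        if leaked:
            findings.append(f"jwk kid={jwk.get('kid')!r} has private members {leaked}")

    # Assumed layout: stack.clients maps client name -> secret string.
    for name, secret in stack.get("clients", {}).items():
        if not isinstance(secret, str) or not secret:
            findings.append(f"client {name!r} has an empty or non-string secret")
    return findings

def demo():
    """Audit a constructed sample file (values are made up, not real keys)."""
    sample = {"stack": {
        "jwks": {"keys": [
            {"kty": "RSA", "kid": "sample-1", "use": "sig", "n": "AQAB", "e": "AQAB"},
            {"kty": "RSA", "kid": "sample-2", "n": "AQAB", "e": "AQAB", "d": "AQAB"},
        ]},
        "clients": {"app": "constructed-secret", "admin": ""},
    }}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "postkit.secrets.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        os.chmod(path, 0o644)
        return audit_secrets_file(path)
```

An empty list from audit_secrets_file means none of the three conditions were found.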