keystone-scim/keystone

Keystone is a fully containerized lightweight SCIM 2.0 API implementation.

Getting Started

Run the container with zero config to test it:

# Pull the image:
docker pull ghcr.io/keystone-scim/keystone:latest

# Run the container (supersecret is a placeholder for local testing only):
docker run -it \
  -p 5001:5001 \
  -e AUTHENTICATION_SECRET=supersecret \
  ghcr.io/keystone-scim/keystone:latest

Read the Keystone documentation to understand how you can configure Keystone with its different backends.

What's Keystone?

Keystone implements the SCIM 2.0 REST API. If you run your identity management operations with an identity manager that supports user provisioning (e.g., Azure AD or Okta), you can use Keystone to persist directory changes. Keystone v0.1.0 supports two persistence layers: PostgreSQL, MongoDB, Azure Cosmos DB, and MySQL.
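
A small client for exercising the test container started under Getting Started, added here as an example and not taken from the Keystone project. It assumes the API is served at http://localhost:5001 with no path prefix and that the AUTHENTICATION_SECRET value is presented as a bearer token; the /Users path, schema URNs and PatchOp shape come from RFC 7643 and RFC 7644, and the user name is constructed sample data.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import quote

# Assumption: the port published by the docker run command, no path prefix.
BASE_URL = "http://localhost:5001"
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644

def scim_request(method, path, token=None, body=None):
    """Build a SCIM request; token=None omits the Authorization header."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE_URL + path, data=data, method=method)
    req.add_header("Accept", "application/scim+json")
    if data is not None:
        req.add_header("Content-Type", "application/scim+json")
    if token is not None:
        # Assumption: AUTHENTICATION_SECRET is presented as a bearer token.
        req.add_header("Authorization", f"Bearer {token}")
    return req

def create_user(token, user_name):
    """POST /Users: provision an active account."""
    body = {"schemas": [USER_SCHEMA], "userName": user_name, "active": True}
    return scim_request("POST", "/Users", token, body)

def deactivate_user(token, user_id):
    """PATCH /Users/{id}: the deprovisioning call an identity manager sends."""
    op = {"op": "replace", "path": "active", "value": False}
    body = {"schemas": [PATCH_SCHEMA], "Operations": [op]}
    return scim_request("PATCH", "/Users/" + quote(user_id, safe=""), token, body)

def send(req, timeout=5):
    """Return (status, parsed body or None); HTTP errors are returned, not raised."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            raw = resp.read()
            return resp.status, (json.loads(raw) if raw else None)
    except urllib.error.HTTPError as err:
        return err.code, None

if __name__ == "__main__":
    token = os.environ["AUTHENTICATION_SECRET"]
    # A request without the token should be rejected by the API.
    print("no token:", send(scim_request("GET", "/Users"))[0])
    status, user = send(create_user(token, "alice@example.com"))
    print("create:", status)
    if user and "id" in user:
        print("deactivate:", send(deactivate_user(token, user["id"]))[0])
```

Run it with AUTHENTICATION_SECRET exported to the same value passed to the container; the first status line shows whether the API rejects a request that carries no token.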

Key features:

  • A compliant SCIM 2.0 REST API implementation for Users and Groups.
  • Stateless container - deploy it anywhere you want (e.g., Kubernetes) and bring your own storage.
  • Pluggable store for users and groups. Currently supported storage technologies: PostgreSQL, MongoDB, Azure Cosmos DB, and MySQL.
  • Azure Key Vault bearer token retrieval.
  • Extensible store: Can't use MongoDB, Cosmos DB, PostgreSQL, or MySQL? Open an issue and/or consider becoming a contributor by implementing your own data store.

Configure the API

See Keystone Documentation.

Development

Please see the Contribution Guide to get started.