I hereby claim:
- I am devspacenine on github.
- I am yeluapyeroc (https://keybase.io/yeluapyeroc) on keybase.
- I have a public key whose fingerprint is BF43 2493 85C4 090E 8CA5 15DF 3B78 2212 00DF DA9A
To claim this, I am signing this object:
Corey Pauley devspacenine
devspacenine
/ gist:abd51a605d7939755d0708a836037010
Last active
August 15, 2025 19:25
Keycloak Password Migration - Agent Prompt
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| You will implement rails tools to coordinate and monitor a password migration by importing existing bcrypt hashes from Rails (`users.password_digest`) into Keycloak so users can keep their current passwords. We use the `keycloak-admin-ruby` gem for Admin API access. Reference: [keycloak-admin-ruby](https://github.com/looorent/keycloak-admin-ruby). | |
| Your work must be safe to run in production, idempotent, testable, and observable. If the migration is not running in the production environment, all passwords will be set to "abc@1234567890!" instead of using the actual password digest, in order to minimize risks of data leaks in lower environments. | |
| --- | |
| ### Current Context (read carefully) | |
| - Existing sync service updates/creates Keycloak users and can set plaintext passwords if provided: |
devspacenine
/ keybase.md
Created
January 26, 2015 18:31