Start the server in development mode.

Usage:

kc.sh start-dev [OPTIONS]

Use this command if you want to run the server locally for development or
testing purposes.

Options:

-h, --help           This help message.
--help-all           This same help message but with additional options.

Cluster:

--cache <type>       Defines the cache mechanism for high-availability. By default, a 'ispn' cache
                       is used to create a cluster between multiple server nodes. A 'local' cache
                       disables clustering and is intended for development and testing purposes.
                       Default: ispn.
--cache-config-file <file>
                     Defines the file from which cache configuration should be loaded from.
--cache-stack <stack>
                     Define the default stack to use for cluster communication and node discovery.
                       This option only takes effect if 'cache' is set to 'ispn'. Default: udp.

Database:

--db <vendor>        The database vendor. Possible values are: dev-file, dev-mem, mariadb, mssql,
                       mysql, oracle, postgres
--db-password <password>
                     The password of the database user.
--db-pool-initial-size <size>
                     The initial size of the connection pool.
--db-pool-max-size <size>
                     The maximum size of the connection pool. Default: 100.
--db-pool-min-size <size>
                     The minimal size of the connection pool.
--db-schema <schema> The database schema to be used.
--db-url <jdbc-url>  The full database JDBC URL. If not provided, a default URL is set based on the
                       selected database vendor. For instance, if using 'postgres', the default
                       JDBC URL would be 'jdbc:postgresql://localhost/keycloak'.
--db-url-database <dbname>
                     Sets the database name of the default JDBC URL of the chosen vendor. If the
                       `db-url` option is set, this option is ignored.
--db-url-host <hostname>
                     Sets the hostname of the default JDBC URL of the chosen vendor. If the
                       `db-url` option is set, this option is ignored.
--db-url-properties <properties>
                     Sets the properties of the default JDBC URL of the chosen vendor. If the
                       `db-url` option is set, this option is ignored.
--db-username <username>
                     The username of the database user.

Transaction:

--transaction-xa-enabled <true|false>
                     Manually override the transaction type. Transaction type XA and the
                       appropriate driver is used by default. Default: true.

Feature:

--features <feature> Enables a set of one or more features.
--features-disabled <feature>
                     Disables a set of one or more features.

Hostname:

--hostname <hostname>
                     Hostname for the Keycloak server.
--hostname-path <path>
                     This should be set if proxy uses a different context-path for Keycloak.
--hostname-port <port>
                     The port used by the proxy when exposing the hostname. Set this option if the
                       proxy uses a port other than the default HTTP and HTTPS ports. Default: -1.
--hostname-strict <true|false>
                     Disables dynamically resolving the hostname from request headers. Should
                       always be set to true in production, unless proxy verifies the Host header.
                       Default: true.
--hostname-strict-backchannel <true|false>
                     By default backchannel URLs are dynamically resolved from request headers to
                       allow internal an external applications. If all applications use the public
                       URL this option should be enabled. Default: false.

HTTP/TLS:

--http-enabled <true|false>
                     Enables the HTTP listener. Default: false.
--http-host <host>   The used HTTP Host. Default: 0.0.0.0.
--http-port <port>   The used HTTP port. Default: 8080.
--http-relative-path <path>
                     Set the path relative to '/' for serving resources. Default: /.
--https-certificate-file <file>
                     The file path to a server certificate or certificate chain in PEM format.
--https-certificate-key-file <file>
                     The file path to a private key in PEM format.
--https-cipher-suites <ciphers>
                     The cipher suites to use. If none is given, a reasonable default is selected.
--https-client-auth <auth>
                     Configures the server to require/request client authentication. Possible
                       Values: none, request, required. Default: none.
--https-key-store-file <file>
                     The key store which holds the certificate information instead of specifying
                       separate files.
--https-key-store-password <password>
                     The password of the key store file. Default: password.
--https-key-store-type <type>
                     The type of the key store file. If not given, the type is automatically
                       detected based on the file name.
--https-port <port>  The used HTTPS port. Default: 8443.
--https-protocols <protocols>
                     The list of protocols to explicitly enable. Default: TLSv1.3.
--https-trust-store-file <file>
                     The trust store which holds the certificate information of the certificates to
                       trust.
--https-trust-store-password <password>
                     The password of the trust store file.
--https-trust-store-type <type>
                     The type of the trust store file. If not given, the type is automatically
                       detected based on the file name.

Metrics:

--metrics-enabled <true|false>
                     If the server should expose metrics and healthcheck. If enabled, metrics are
                       available at the '/metrics' endpoint and healthcheck at the '/health'
                       endpoint. Default: false.

Proxy:

--proxy <mode>       The proxy address forwarding mode if the server is behind a reverse proxy.
                       Possible values are: edge,reencrypt,passthrough Default: none.

Vault:

--vault <provider>   Enables a vault provider.
--vault-dir <dir>    If set, secrets can be obtained by reading the content of files within the
                       given directory.

Logging:

--log-format <format>
                     The format of log entries. If the format has spaces in it, you need to escape
                       the value such as "<format>". Default: %d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c]
                       (%t) %s%e%n.
--log-level <category:level>
                     The log level of the root category or a comma-separated list of individual
                       categories and their levels. For the root category, you don't need to
                       specify a category. Default: info.

Do NOT start the server using this command when deploying to production.

Use 'kc.sh start-dev --help-all' to list all available options, including build
options.