How We Scaled Keycloak Event Storage with Logs, S3, and ClickHouse
Every login, logout, failed password attempt, and admin change in Keycloak produces an event. That's exactly what you want for security auditing and product analytics — until you realize where Keycloak puts them: in the same relational database that your authentication path depends on. At scale, event storage becomes a problem you can't ignore. Here's how we solved it, and how the key piece — an MDC-logging EventStoreProvider — is open source so you can solve it too.