[Question] NullPointerException when starting Camunda Identity with Keycloak

Hi — I’m deploying Camunda 8.8 using Helm chart 13.0.0. The Identity pod crashes on startup with this error:

2025-10-15 11:00:34.986 ERROR 1 — [ main] o.s.b.SpringApplication : Application run failed

java.lang.NullPointerException: Cannot invoke “String.isBlank()” because the return value of “io.camunda.identity.impl.keycloak.config.record.KeycloakClient.secret()” is null

**at io.camunda.identity.impl.keycloak.initializer.service.ClientInitializationService.validateClientSecret(ClientInitializationService.java:203) \~\[!/:?\]**

**at io.camunda.identity.impl.keycloak.initializer.service.ClientInitializationService.processClient(ClientInitializationService.java:65) \~\[!/:?\]**

**at java.base/java.util.ArrayList.forEach(Unknown Source) \~\[?:?\]**

**at io.camunda.identity.impl.keycloak.initializer.service.ClientInitializationService.process(ClientInitializationService.java:61) \~\[!/:?\]**

**at io.camunda.identity.impl.keycloak.initializer.KeycloakClientInitializer.run(KeycloakClientInitializer.java:34) \~\[!/:?\]**

**at org.springframework.boot.SpringApplication.lambda$callRunner$4(SpringApplication.java:784) \~\[spring-boot-3.4.10.jar!/:3.4.10\]**

**at org.springframework.util.function.ThrowingConsumer$1.acceptWithException(ThrowingConsumer.java:82) \~\[spring-core-6.2.11.jar!/:6.2.11\]**

**at org.springframework.util.function.ThrowingConsumer.accept(ThrowingConsumer.java:60) \~\[spring-core-6.2.11.jar!/:6.2.11\]**

**at org.springframework.util.function.ThrowingConsumer$1.accept(ThrowingConsumer.java:86) \~\[spring-core-6.2.11.jar!/:6.2.11\]**

**at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:796) \~\[spring-boot-3.4.10.jar!/:3.4.10\]**

**at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:784) \~\[spring-boot-3.4.10.jar!/:3.4.10\]**

**at org.springframework.boot.SpringApplication.lambda$callRunners$3(SpringApplication.java:772) \[spring-boot-3.4.10.jar!/:3.4.10\]**

**at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.accept(Unknown Source) \~\[?:?\]**

**at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(Unknown Source) \~\[?:?\]**

**at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source) \~\[?:?\]**

**at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) \~\[?:?\]**

**at java.base/java.util.stream.ForEachOps$ForEachOp.evaluateSequential(Unknown Source) \~\[?:?\]**

**at java.base/java.util.stream.ForEachOps$ForEachOp$OfRef.evaluateSequential(Unknown Source) \~\[?:?\]**

**at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source) \~\[?:?\]

**
Identity initializer runs on Spring Boot v3.4.10. Has anyone encountered this before? Any idea what causes it or a quick workaround? Thanks!

Hi @Geek_Up_Linh, welcome to the forums! It looks like Identity is trying to connect to Keycloak, but it is missing the credentials. Can you share your values.yaml file (with secrets redacted)?

Thanks for your response! I’ve already fixed the issue — it turned out the problem was caused by a missing configuration for orchestration.migration.secret in my values.yaml. Once I added that secret reference, the Identity pod started up correctly.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.