In Keycloak 25.0.2 I create a realm with a custom configuration with the keycloak-admin-client library for JVM based applications. I set realm attributes, password policies and so on. I would now like to add two EC key pairs, one for signing and one for encryption, so that I can get those keys for specific tasks in my custom realm resource. The code I have for this is:
val sigKey = keycloakKeyService.signatureKeySpec()
val encKey = keycloakKeyService.encryptionKeySpec()
realmResource.keys().keyMetadata.keys.add(sigKey)
realmResource.keys().keyMetadata.keys.add(encKey)
The code to create the key specs looks like this:
fun signatureKeySpec(keyId: String = "my_sig_key") =
    KeysMetadataRepresentation.KeyMetadataRepresentation().apply {
        kid = keyId
        algorithm = "ES256"
        type = KeyType.EC
        use = KeyUse.SIG
        status = "ACTIVE"
    }
The code for the encryption key is the same with the exception of the use value (KeyUse.ENC).
When I first tried this I got a 403 response from the Keycloak server due to insufficient permissions of the keycloak-admin-client library user. For now I gave this user the role admin and the code runs without error. However, I cannot see the keys in Keycloak's web UI and furthermore I cannot retrieve the keys programmatically. It looks like the keys are never saved to Keycloak but there is no ERROR log either.
What am I missing?
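For contrast with the approach in the question, here is an added Kotlin example (not the poster's code and not part of Keycloak itself) that creates a realm key pair the way the Keycloak admin API models it: as a key-provider component under the realm, created through `realm.components()`, and then read back through `realm.keys().keyMetadata`, which is the same read-only view the web UI shows. The provider id `ecdsa-generated`, the `providerType` `org.keycloak.keys.KeyProvider` and the config keys `ecdsaEllipticCurveKey`, `priority`, `enabled` and `active` are the ones Keycloak's built-in ECDSA key provider uses; the component name, the default curve and the helper names are assumptions made for this example.

```kotlin
import jakarta.ws.rs.core.Response
import org.keycloak.admin.client.resource.RealmResource
import org.keycloak.common.util.MultivaluedHashMap
import org.keycloak.representations.idm.ComponentRepresentation
import org.keycloak.representations.idm.KeysMetadataRepresentation.KeyMetadataRepresentation

// Realm keys are stored as key-provider components. The list returned by
// realm.keys().keyMetadata is a server-side view that is rebuilt on every
// request, so adding entries to it client-side never reaches the server.
// Creating a component with providerType org.keycloak.keys.KeyProvider is
// what makes Keycloak generate and persist a key pair.
fun addGeneratedEcdsaKey(
    realm: RealmResource,
    name: String = "my-ecdsa-key",   // assumed component name
    curve: String = "P-256",         // P-256 keys are used for ES256
    priority: Int = 100,             // higher priority wins among active keys
): String {
    val component = ComponentRepresentation().apply {
        this.name = name
        providerId = "ecdsa-generated"
        providerType = "org.keycloak.keys.KeyProvider"
        parentId = realm.toRepresentation().id
        config = MultivaluedHashMap<String, String>().apply {
            putSingle("ecdsaEllipticCurveKey", curve)
            putSingle("priority", priority.toString())
            putSingle("enabled", "true")
            putSingle("active", "true")
        }
    }
    val response: Response = realm.components().add(component)
    try {
        // Anything other than 201 Created (e.g. 403 for a user without
        // manage-realm) means no key was stored; surface it instead of
        // silently continuing.
        check(response.status == Response.Status.CREATED.statusCode) {
            "creating key provider '$name' failed: HTTP ${response.status}"
        }
        // The new component id is the last path segment of the Location header.
        return response.location.path.substringAfterLast('/')
    } finally {
        response.close()
    }
}

// Read the key back through the endpoint the admin console uses. Each entry
// carries the kid, algorithm, use (SIG or ENC) and status that the question's
// KeyMetadataRepresentation tried to set by hand; here they are filled in by
// the server for the provider that was just created.
fun keysOfProvider(realm: RealmResource, componentId: String): List<KeyMetadataRepresentation> =
    realm.keys().keyMetadata.keys.filter { it.providerId == componentId }

// Usage (assumes `realm` is a RealmResource for the custom realm):
// val id = addGeneratedEcdsaKey(realm, name = "my_sig_key")
// val keys = keysOfProvider(realm, id)
// keys.forEach { println("${it.kid} ${it.algorithm} ${it.use} ${it.status}") }
```

Two things worth checking when a key still does not appear: the admin user needs a role that allows managing the realm (the 403 in the question is the server refusing the component write, not the metadata list), and `keysOfProvider` should be called on a fresh `keys().keyMetadata` read rather than on a list captured before the component was created, because the metadata representation is not updated in place.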