diff --git a/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh b/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh
index 5a297515e1ae..9a38fb916e10 100644
--- a/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh
+++ b/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/keycloak-env.sh
@@ -51,6 +51,7 @@ keycloak_env_vars=(
     KEYCLOAK_DATABASE_USER
     KEYCLOAK_DATABASE_NAME
     KEYCLOAK_DATABASE_PASSWORD
+    KEYCLOAK_DATABASE_SCHEMA
     KEYCLOAK_DAEMON_USER
     KEYCLOAK_DAEMON_GROUP
     KEYCLOAK_USER
@@ -66,6 +67,7 @@ keycloak_env_vars=(
     DB_USER
     DB_DATABASE
     DB_PASSWORD
+    DB_SCHEMA
 )
 for env_var in "${keycloak_env_vars[@]}"; do
     file_env_var="${env_var}_FILE"
@@ -143,6 +145,10 @@ KEYCLOAK_DATABASE_NAME="${KEYCLOAK_DATABASE_NAME:-"${DB_DATABASE:-}"}"
 export KEYCLOAK_DATABASE_NAME="${KEYCLOAK_DATABASE_NAME:-bitnami_keycloak}"
 KEYCLOAK_DATABASE_PASSWORD="${KEYCLOAK_DATABASE_PASSWORD:-"${DB_PASSWORD:-}"}"
 export KEYCLOAK_DATABASE_PASSWORD="${KEYCLOAK_DATABASE_PASSWORD:-}"
+KEYCLOAK_DATABASE_SCHEMA="${KEYCLOAK_DATABASE_SCHEMA:-"${DB_SCHEMA:-}"}"
+# if this image is ever designed to support mariadb/mysql in addition to postgres, the default
+# schema name should be dbo for those databases
+export KEYCLOAK_DATABASE_SCHEMA="${KEYCLOAK_DATABASE_SCHEMA:-public}"
 
 # System users (when running with a privileged user)
 export KEYCLOAK_DAEMON_USER="${KEYCLOAK_DAEMON_USER:-keycloak}"
diff --git a/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh b/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh
index 18ecbc6c88ef..99a591655a04 100644
--- a/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh
+++ b/bitnami/keycloak/12/debian-10/rootfs/opt/bitnami/scripts/libkeycloak.sh
@@ -102,7 +102,7 @@ batch
 /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=background-validation-millis, value=60000)
 /subsystem=datasources/data-source=KeycloakDS: write-attribute(name=flush-strategy, value=IdleConnections)
 /subsystem=datasources/jdbc-driver=postgresql:add(driver-name=postgresql, driver-module-name=org.postgresql.jdbc, driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
-/subsystem=keycloak-server/spi=connectionsJpa/provider=default:write-attribute(name=properties.schema,value=public)
+/subsystem=keycloak-server/spi=connectionsJpa/provider=default:write-attribute(name=properties.schema,value=${KEYCLOAK_DATABASE_SCHEMA})
 run-batch
 stop-embedded-server
 EOF
diff --git a/bitnami/keycloak/README.md b/bitnami/keycloak/README.md
index e87b66d6d32c..c1e9d157fdc5 100644
--- a/bitnami/keycloak/README.md
+++ b/bitnami/keycloak/README.md
@@ -79,6 +79,7 @@ The Bitnami Keycloak container requires a PostgreSQL database to work. This is c
 - `KEYCLOAK_DATABASE_NAME`: PostgreSQL database name. Default : **bitnami_keycloak**.
 - `KEYCLOAK_DATABASE_USER`: PostgreSQL database user. Default : **bn_keycloak**.
 - `KEYCLOAK_DATABASE_PASSWORD`: PostgreSQL database password. No defaults.
+- `KEYCLOAK_DATABASE_SCHEMA`: PostgreSQL database schema. Default : **public**.
 
 ## Port and address binding