diff --git a/changelogs/fragments/keycloak-realm-key-keyerror-bugfix.yml b/changelogs/fragments/keycloak-realm-key-keyerror-bugfix.yml
new file mode 100644
index 0000000000..cb8dd12271
--- /dev/null
+++ b/changelogs/fragments/keycloak-realm-key-keyerror-bugfix.yml
@@ -0,0 +1,5 @@
+bugfixes:
+ - keycloak_realm_key - fix ``KeyError`` crash when managing realm keys where Keycloak
+ does not return ``active``, ``enabled``, or ``algorithm`` fields in the config
+ response (https://github.com/ansible-collections/community.general/issues/11459,
+ https://github.com/ansible-collections/community.general/pull/11470).
diff --git a/plugins/modules/keycloak_realm_key.py b/plugins/modules/keycloak_realm_key.py
index 996e6bf356..e59228fe39 100644
--- a/plugins/modules/keycloak_realm_key.py
+++ b/plugins/modules/keycloak_realm_key.py
@@ -402,10 +402,17 @@ def main():
 result["changed"] = True
 # Compare parameters under the "config" key
+ # Note: Keycloak API may not return all config fields for default keys
+ # (e.g., 'active', 'enabled', 'algorithm' may be missing). Handle this
+ # gracefully by using .get() with defaults.
 for p, v in changeset_copy["config"].items():
- before_realm_key["config"][p] = key["config"][p]
- if v != key["config"][p]:
- changes += f"config.{p}: {key['config'][p]} -> {v}, "
+ # Get the current value, defaulting to our expected value if not present
+ # This handles the case where Keycloak does not return certain fields
+ # for default/generated keys
+ current_value = key["config"].get(p, v)
+ before_realm_key["config"][p] = current_value
+ if v != current_value:
+ changes += f"config.{p}: {current_value} -> {v}, "
 result["changed"] = True
 # Sanitize linefeeds for the privateKey. Without this the JSON payload
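Review bot: Defaulting a missing field to the desired value in `current_value = key["config"].get(p, v)` makes the comparison pass for whatever the playbook asks for, so a task that sets `enabled` or `active` to false on a key whose config response omits that field is reported as unchanged and, as far as this hunk shows, no change is flagged for it. The same default is written to `before_realm_key["config"][p]`, so the diff output presents a value the server never returned as the prior state. For fields that decide whether a signing key is in use, it is safer to treat absence as unknown, for example `current_value = key["config"].get(p)` with the existing comparison left as is, which flags the field as changed and keeps the before-state accurate. If that costs idempotency on servers that never echo the field, compare against the provider's documented default rather than `v`. `main()` starts and ends outside this hunk, so whether a later read-back confirms the applied value cannot be seen here.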