docker run -e KEYCLOAK_USER=<USERNAME> -e KEYCLOAK_PASSWORD=<PASSWORD> jboss/keycloak
The issue isn't with the Docker image, but that the EventStore command line has no way to configure the password on initialization.
This issue highlights a couple of ways you can change the password post initialization: https://github.com/EventStore/EventStore/issues/2045
I agree it would be nice to configure this on init like e.g. the MySQL image, but the API will be best after that if you want to do things like rotate the password.