2022-06-15 14:51:47 +07:00
|
|
|
---
|
|
|
|
title: "PostgreSQL"
|
|
|
|
description: "PostgreSQL Configuration"
|
|
|
|
lead: "The PostgreSQL storage provider."
|
|
|
|
date: 2022-03-20T12:52:27+11:00
|
|
|
|
draft: false
|
|
|
|
images: []
|
|
|
|
menu:
|
|
|
|
configuration:
|
|
|
|
parent: "storage"
|
|
|
|
weight: 106400
|
|
|
|
toc: true
|
|
|
|
aliases:
|
|
|
|
- /docs/configuration/storage/postgres.html
|
|
|
|
---
|
|
|
|
|
|
|
|
## Version support
|
|
|
|
|
|
|
|
See [PostgreSQL support](https://www.postgresql.org/support/versioning/) for the versions supported by PostgreSQL. We
|
|
|
|
recommend the *current minor* version of one of the versions supported by PostgreSQL.
|
|
|
|
|
|
|
|
The versions of PostgreSQL that should be supported by Authelia are:
|
|
|
|
|
|
|
|
* 14
|
|
|
|
* 13
|
|
|
|
* 12
|
|
|
|
* 11
|
|
|
|
* 10
|
|
|
|
* 9.6
|
|
|
|
|
|
|
|
## Configuration
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
storage:
|
|
|
|
encryption_key: a_very_important_secret
|
|
|
|
postgres:
|
|
|
|
host: 127.0.0.1
|
|
|
|
port: 5432
|
|
|
|
database: authelia
|
|
|
|
schema: public
|
|
|
|
username: authelia
|
|
|
|
password: mypassword
|
|
|
|
ssl:
|
|
|
|
mode: disable
|
|
|
|
root_certificate: /path/to/root_cert.pem
|
|
|
|
certificate: /path/to/cert.pem
|
|
|
|
key: /path/to/key.pem
|
|
|
|
```
|
|
|
|
|
|
|
|
## Options
|
|
|
|
|
|
|
|
### encryption_key
|
|
|
|
|
|
|
|
See the [encryption_key docs](introduction.md#encryption_key).
|
|
|
|
|
|
|
|
### host
|
|
|
|
|
|
|
|
{{< confkey type="string" required="yes" >}}
|
|
|
|
|
|
|
|
The database server host.
|
|
|
|
|
|
|
|
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
|
|
|
|
|
|
|
|
```yaml
|
|
|
|
host: "[fd00:1111:2222:3333::1]"
|
|
|
|
```
|
|
|
|
|
|
|
|
### port
|
|
|
|
|
|
|
|
{{< confkey type="integer" default="5432" required="no" >}}
|
|
|
|
|
|
|
|
The port the database server is listening on.
|
|
|
|
|
|
|
|
### database
|
|
|
|
|
|
|
|
{{< confkey type="string" required="yes" >}}
|
|
|
|
|
|
|
|
The database name on the database server that the assigned [user](#username) has access to for the purpose of
|
|
|
|
__Authelia__.
|
|
|
|
|
|
|
|
### schema
|
|
|
|
|
|
|
|
{{< confkey type="string" default="public" required="no" >}}
|
|
|
|
|
|
|
|
The database schema name to use on the database server that the assigned [user](#username) has access to for the purpose
|
|
|
|
of __Authelia__. By default this is the public schema.
|
|
|
|
|
|
|
|
### username
|
|
|
|
|
|
|
|
{{< confkey type="string" required="yes" >}}
|
|
|
|
|
|
|
|
The username paired with the password used to connect to the database.
|
|
|
|
|
|
|
|
### password
|
|
|
|
|
|
|
|
{{< confkey type="string" required="yes" >}}
|
|
|
|
|
2022-06-21 16:45:08 +07:00
|
|
|
*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
|
|
|
|
especially for containerized deployments.*
|
2022-06-15 14:51:47 +07:00
|
|
|
|
2022-06-21 16:45:08 +07:00
|
|
|
The password paired with the [username](#username) used to connect to the database.
|
|
|
|
|
|
|
|
It's __strongly recommended__ this is a
|
|
|
|
[Random Alphanumeric String](../miscellaneous/guides.md#generating-a-random-alphanumeric-string) with 64 or more
|
|
|
|
characters and the user password is changed to this value.
|
2022-06-15 14:51:47 +07:00
|
|
|
|
|
|
|
### timeout
|
|
|
|
|
|
|
|
{{< confkey type="duration" default="5s" required="no" >}}
|
|
|
|
|
|
|
|
The SQL connection timeout.
|
|
|
|
|
|
|
|
### ssl
|
|
|
|
|
|
|
|
#### mode
|
|
|
|
|
|
|
|
{{< confkey type="string" default="disable" required="no" >}}
|
|
|
|
|
|
|
|
SSL mode configures how to handle SSL connections with Postgres.
|
|
|
|
Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'.
|
|
|
|
See the [PostgreSQL Documentation](https://www.postgresql.org/docs/12/libpq-ssl.html)
|
|
|
|
or [pgx - PostgreSQL Driver and Toolkit Documentation](https://pkg.go.dev/github.com/jackc/pgx?tab=doc)
|
|
|
|
for more information.
|
|
|
|
|
|
|
|
#### root_certificate
|
|
|
|
|
|
|
|
{{< confkey type="string" required="no" >}}
|
|
|
|
|
|
|
|
The optional location of the root certificate file encoded in the PEM format for validation purposes.
|
|
|
|
|
|
|
|
#### certificate
|
|
|
|
|
|
|
|
{{< confkey type="string" required="no" >}}
|
|
|
|
|
|
|
|
The optional location of the certificate file encoded in the PEM format for validation purposes.
|
|
|
|
|
|
|
|
#### key
|
|
|
|
|
|
|
|
{{< confkey type="string" required="no" >}}
|
|
|
|
|
|
|
|
The optional location of the key file encoded in the PEM format for authentication purposes.
|