techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
347bd1be77
authelia/docs/configuration/storage/postgres.md
James Elliott 347bd1be77
feat(storage): encrypted secret values (#2588) 
This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682
2021-11-25 12:56:58 +11:00

2.5 KiB
Raw Blame History

layout title parent grand_parent nav_order
default PostgreSQL Storage Backends Configuration 3

PostgreSQL

The PostgreSQL storage provider.

Configuration

storage:
  encryption_key: a_very_important_secret
  postgres:
    host: 127.0.0.1
    port: 5432
    database: authelia
    username: authelia
    password: mypassword
    sslmode: disable

Options

encryption_key

See the encryption_key docs.

host

type: string {: .label .label-config .label-purple } default: localhost {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The database server host.

If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:

host: "[fd00:1111:2222:3333::1]"

port

type: integer {: .label .label-config .label-purple } default: 5432 {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The port the database server is listening on.

database

The database name on the database server that the assigned user has access to for the purpose of Authelia.

username

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The username paired with the password used to connect to the database.

password

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The password paired with the username used to connect to the database. Can also be defined using a secret which is also the recommended way when running as a container.

timeout

type: duration {: .label .label-config .label-purple } default: 5s {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The SQL connection timeout.

sslmode

type: string {: .label .label-config .label-purple } default: disable {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

SSL mode configures how to handle SSL connections with Postgres. Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'. See the PostgreSQL Documentation or pgx - PostgreSQL Driver and Toolkit Documentation for more information.