authelia/docs/content/en/configuration/storage/postgres.md
James Elliott b102ebb6bb
docs: improve secrets documentation (#3565)
Improve documentation around secrets.
2022-06-21 19:45:08 +10:00

3.4 KiB

title description lead date draft images menu weight toc aliases
PostgreSQL PostgreSQL Configuration The PostgreSQL storage provider. 2022-03-20T12:52:27+11:00 false
configuration
parent
storage
106400 true
/docs/configuration/storage/postgres.html

Version support

See PostgreSQL support for the versions supported by PostgreSQL. We recommend the current minor version of one of the versions supported by PostgreSQL.

The versions of PostgreSQL that should be supported by Authelia are:

  • 14
  • 13
  • 12
  • 11
  • 10
  • 9.6

Configuration

storage:
  encryption_key: a_very_important_secret
  postgres:
    host: 127.0.0.1
    port: 5432
    database: authelia
    schema: public
    username: authelia
    password: mypassword
    ssl:
      mode: disable
      root_certificate: /path/to/root_cert.pem
      certificate: /path/to/cert.pem
      key: /path/to/key.pem

Options

encryption_key

See the encryption_key docs.

host

{{< confkey type="string" required="yes" >}}

The database server host.

If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:

host: "[fd00:1111:2222:3333::1]"

port

{{< confkey type="integer" default="5432" required="no" >}}

The port the database server is listening on.

database

{{< confkey type="string" required="yes" >}}

The database name on the database server that the assigned user has access to for the purpose of Authelia.

schema

{{< confkey type="string" default="public" required="no" >}}

The database schema name to use on the database server that the assigned user has access to for the purpose of Authelia. By default this is the public schema.

username

{{< confkey type="string" required="yes" >}}

The username paired with the password used to connect to the database.

password

{{< confkey type="string" required="yes" >}}

Important Note: This can also be defined using a secret which is strongly recommended especially for containerized deployments.

The password paired with the username used to connect to the database.

It's strongly recommended this is a Random Alphanumeric String with 64 or more characters and the user password is changed to this value.

timeout

{{< confkey type="duration" default="5s" required="no" >}}

The SQL connection timeout.

ssl

mode

{{< confkey type="string" default="disable" required="no" >}}

SSL mode configures how to handle SSL connections with Postgres. Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'. See the PostgreSQL Documentation or pgx - PostgreSQL Driver and Toolkit Documentation for more information.

root_certificate

{{< confkey type="string" required="no" >}}

The optional location of the root certificate file encoded in the PEM format for validation purposes.

certificate

{{< confkey type="string" required="no" >}}

The optional location of the certificate file encoded in the PEM format for validation purposes.

key

{{< confkey type="string" required="no" >}}

The optional location of the key file encoded in the PEM format for authentication purposes.