Improve documentation around secrets.
3.4 KiB
title | description | lead | date | draft | images | menu | weight | toc | aliases | |||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
PostgreSQL | PostgreSQL Configuration | The PostgreSQL storage provider. | 2022-03-20T12:52:27+11:00 | false |
|
106400 | true |
|
Version support
See PostgreSQL support for the versions supported by PostgreSQL. We recommend the current minor version of one of the versions supported by PostgreSQL.
The versions of PostgreSQL that should be supported by Authelia are:
- 14
- 13
- 12
- 11
- 10
- 9.6
Configuration
storage:
encryption_key: a_very_important_secret
postgres:
host: 127.0.0.1
port: 5432
database: authelia
schema: public
username: authelia
password: mypassword
ssl:
mode: disable
root_certificate: /path/to/root_cert.pem
certificate: /path/to/cert.pem
key: /path/to/key.pem
Options
encryption_key
See the encryption_key docs.
host
{{< confkey type="string" required="yes" >}}
The database server host.
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
host: "[fd00:1111:2222:3333::1]"
port
{{< confkey type="integer" default="5432" required="no" >}}
The port the database server is listening on.
database
{{< confkey type="string" required="yes" >}}
The database name on the database server that the assigned user has access to for the purpose of Authelia.
schema
{{< confkey type="string" default="public" required="no" >}}
The database schema name to use on the database server that the assigned user has access to for the purpose of Authelia. By default this is the public schema.
username
{{< confkey type="string" required="yes" >}}
The username paired with the password used to connect to the database.
password
{{< confkey type="string" required="yes" >}}
Important Note: This can also be defined using a secret which is strongly recommended especially for containerized deployments.
The password paired with the username used to connect to the database.
It's strongly recommended this is a Random Alphanumeric String with 64 or more characters and the user password is changed to this value.
timeout
{{< confkey type="duration" default="5s" required="no" >}}
The SQL connection timeout.
ssl
mode
{{< confkey type="string" default="disable" required="no" >}}
SSL mode configures how to handle SSL connections with Postgres. Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'. See the PostgreSQL Documentation or pgx - PostgreSQL Driver and Toolkit Documentation for more information.
root_certificate
{{< confkey type="string" required="no" >}}
The optional location of the root certificate file encoded in the PEM format for validation purposes.
certificate
{{< confkey type="string" required="no" >}}
The optional location of the certificate file encoded in the PEM format for validation purposes.
key
{{< confkey type="string" required="no" >}}
The optional location of the key file encoded in the PEM format for authentication purposes.