mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
255aaeb2ad
Adds encryption to the U2F public keys. While the public keys cannot be used to authenticate, only to validate someone is authenticated, if a rogue operator changed these in the database they may be able to bypass 2FA. This prevents that.
1.1 KiB
1.1 KiB
layout | title | parent | nav_order | has_children |
---|---|---|---|---|
default | Storage Backends | Configuration | 14 | true |
Authelia supports multiple storage backends. The backend is used to store user preferences, 2FA device handles and secrets, authentication logs, etc...
The available storage backends are listed in the table of contents below.
Configuration
storage:
encryption_key: a_very_important_secret
local: {}
mysql: {}
postgres: {}
Options
encryption_key
type: string
{: .label .label-config .label-purple }
required: yes
{: .label .label-config .label-red }
The encryption key used to encrypt data in the database. We encrypt data by creating a sha256 checksum of the provided value, and use that to encrypt the data with the AES-GCM 256bit algorithm.
The minimum length of this key is 20 characters, however we generally recommend above 64 characters.
See securty measures for more information.
local
See SQLite.
mysql
See MySQL.
postgres
See PostgreSQL.