authelia/docs/configuration/storage/postgres.md
James Elliott f90ca855e3
feat(storage): postgresql schema and ssl options (#2659)
Adds the schema name and all ssl options for PostgreSQL. Also a significant refactor of the storage validation process.
2021-12-02 16:36:03 +11:00

3.8 KiB

layout title parent grand_parent nav_order
default PostgreSQL Storage Backends Configuration 3

PostgreSQL

The PostgreSQL storage provider.

Configuration

storage:
  encryption_key: a_very_important_secret
  postgres:
    host: 127.0.0.1
    port: 5432
    database: authelia
    schema: public
    username: authelia
    password: mypassword
    ssl:
      mode: disable
      root_certificate: /path/to/root_cert.pem
      certificate: /path/to/cert.pem
      key: /path/to/key.pem

Options

encryption_key

See the encryption_key docs.

host

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The database server host.

If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:

host: "[fd00:1111:2222:3333::1]"

port

type: integer {: .label .label-config .label-purple } default: 5432 {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The port the database server is listening on.

database

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The database name on the database server that the assigned user has access to for the purpose of Authelia.

schema

type: string {: .label .label-config .label-purple } default: public {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The database schema name to use on the database server that the assigned user has access to for the purpose of Authelia. By default this is the public schema.

username

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The username paired with the password used to connect to the database.

password

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The password paired with the username used to connect to the database. Can also be defined using a secret which is also the recommended way when running as a container.

timeout

type: duration {: .label .label-config .label-purple } default: 5s {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The SQL connection timeout.

ssl

mode

type: string {: .label .label-config .label-purple } default: disable {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

SSL mode configures how to handle SSL connections with Postgres. Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'. See the PostgreSQL Documentation or pgx - PostgreSQL Driver and Toolkit Documentation for more information.

root_certificate

type: string {: .label .label-config .label-purple } required: no {: .label .label-config .label-green }

The optional location of the root certificate file encoded in the PEM format for validation purposes.

certificate

type: string {: .label .label-config .label-purple } required: no {: .label .label-config .label-green }

The optional location of the certificate file encoded in the PEM format for validation purposes.

key

type: string {: .label .label-config .label-purple } required: no {: .label .label-config .label-green }

The optional location of the key file encoded in the PEM format for authentication purposes.