mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
347bd1be77
This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330. Closes #682
layout | title | parent | nav_order | has_children |
---|---|---|---|---|
default | Storage Backends | Configuration | 14 | true |
Authelia supports multiple storage backends. The backend is used to store user preferences, 2FA device handles and secrets, authentication logs, etc.
The available storage backends are listed in the table of contents below.
Configuration
```yaml
storage:
  encryption_key: a_very_important_secret
  local: {}
  mysql: {}
  postgres: {}
```
Options
encryption_key
type: string
required: yes
The encryption key used to encrypt data in the database. It must be provided and has a minimum length of 20. We compute a SHA-256 checksum of the provided value and use that checksum as the key to encrypt the data with the AES-GCM 256-bit algorithm.
The following data is encrypted in the database:
- TOTP Secret
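The scheme described above, as an added Go example that is not Authelia's own code: the key is the SHA-256 digest of `encryption_key`, and a wrong key or a modified record is rejected by the GCM tag check. The function names and the nonce-prefixed record layout are assumptions of this example, and the TOTP secret is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newGCM hashes encryption_key with SHA-256 to get the 32-byte AES-256 key (hypothetical helper).
func newGCM(encryptionKey string) (cipher.AEAD, error) {
	if len(encryptionKey) < 20 {
		return nil, fmt.Errorf("encryption_key is shorter than the minimum length of 20")
	}
	key := sha256.Sum256([]byte(encryptionKey))
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns nonce || ciphertext || tag; this record layout is an assumption of the example.
func Encrypt(encryptionKey string, secret []byte) ([]byte, error) {
	gcm, err := newGCM(encryptionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, secret, nil), nil
}

// Decrypt fails when the key is wrong or the record was modified (GCM tag mismatch).
func Decrypt(encryptionKey string, record []byte) ([]byte, error) {
	gcm, err := newGCM(encryptionKey)
	if err != nil || len(record) < gcm.NonceSize() {
		return nil, fmt.Errorf("bad key or truncated record")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

func main() {
	rec, _ := Encrypt("a_very_important_secret", []byte("JBSWY3DPEHPK3PXP")) // constructed secret
	_, err := Decrypt("a_different_but_long_key", rec)
	fmt.Println(len(rec), "byte record; wrong key rejected:", err != nil)
}
```

Because the key is derived only from `encryption_key`, changing or losing that value makes the stored records undecryptable.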
local
See SQLite.
mysql
See MySQL.
postgres
See PostgreSQL.