mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00

feat(storage): encrypted secret values (#2588 )

This adds an AES-GCM 256bit encryption layer for storage for sensitive items. This is only TOTP secrets for the time being but this may be expanded later. This will require a configuration change as per https://www.authelia.com/docs/configuration/migration.html#4330.

Closes #682

2021-11-25 12:56:58 +11:00

1.0 KiB

Raw Blame History

layout	title	parent	grand_parent	nav_order
default	SQLite	Storage Backends	Configuration	4

SQLite

If you don't have a SQL server, you can use SQLite. However please note that this setup will prevent you from running multiple instances of Authelia since the database will be a local file.

Use of this storage provider leaves Authelia stateful. It's important in highly available scenarios to use one of the other providers, and we highly recommend it in production environments, but this requires you setup an external database.

Configuration

storage:
  encryption_key: a_very_important_secret
  local:
    path: /config/db.sqlite3

Options

encryption_key

See the encryption_key docs.

path

type: string {: .label .label-config .label-blue } required: yes {: .label .label-config .label-red }

The path where the SQLite3 database file will be stored. It will be created if the file does not exist.

1.0 KiB Raw Blame History