blob: 2dd22859a401d841a82d2c4785ade0418b0bad72
---
title: "PostgreSQL"
description: "PostgreSQL Configuration"
lead: "The PostgreSQL storage provider."
date: 2022-03-20T12:52:27+11:00
draft: false
images: []
menu:
  configuration:
    parent: "storage"
weight: 106400
toc: true
aliases:
  - /docs/configuration/storage/postgres.html
---
## Version support
See [PostgreSQL support](https://www.postgresql.org/support/versioning/) for the versions supported by PostgreSQL. We
recommend the *current minor* version of one of the versions supported by PostgreSQL.
The versions of PostgreSQL that should be supported by Authelia are:
* 14
* 13
* 12
* 11
* 10
* 9.6
## Configuration
```yaml
storage:
  encryption_key: a_very_important_secret
  postgres:
    host: 127.0.0.1
    port: 5432
    database: authelia
    schema: public
    username: authelia
    password: mypassword
    ssl:
      mode: disable
      root_certificate: /path/to/root_cert.pem
      certificate: /path/to/cert.pem
      key: /path/to/key.pem
```
## Options
### encryption_key
See the [encryption_key docs](introduction.md#encryption_key).
### host
{{< confkey type="string" required="yes" >}}
The database server host.
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
```yaml
host: "[fd00:1111:2222:3333::1]"
```
### port
{{< confkey type="integer" default="5432" required="no" >}}
The port the database server is listening on.
### database
{{< confkey type="string" required="yes" >}}
The database name on the database server that the assigned [user](#username) has access to for the purpose of
__Authelia__.
### schema
{{< confkey type="string" default="public" required="no" >}}
The database schema name to use on the database server that the assigned [user](#username) has access to for the purpose
of __Authelia__. By default this is the public schema.
### username
{{< confkey type="string" required="yes" >}}
The username paired with the password used to connect to the database.
### password
{{< confkey type="string" required="yes" >}}
The password paired with the username used to connect to the database. Can also be defined using a
[secret](../methods/secrets.md), which is also the recommended way when running as a container.
We recommend generating a random string with 64 characters or more for this purpose, which can be done by following the
[Generating a Random Alphanumeric String](../miscellaneous/guides.md#generating-a-random-alphanumeric-string)
guide.
### timeout
{{< confkey type="duration" default="5s" required="no" >}}
The SQL connection timeout.
### ssl
#### mode
{{< confkey type="string" default="disable" required="no" >}}
SSL mode configures how to handle SSL connections with Postgres.
Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'.
See the [PostgreSQL Documentation](https://www.postgresql.org/docs/12/libpq-ssl.html)
or [pgx - PostgreSQL Driver and Toolkit Documentation](https://pkg.go.dev/github.com/jackc/pgx?tab=doc)
for more information.
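The following is an added example, not code from Authelia: a small audit of the `host`, `password` and `ssl.mode` values documented on this page, flagging the settings that weaken the database connection. The `PostgresConfig` struct and `Audit` function are hypothetical names, and the notes on each mode follow the libpq `sslmode` semantics linked above.

```go
package main

import (
	"fmt"
	"net"
)

// PostgresConfig mirrors three storage.postgres keys from this page.
// Hypothetical struct for illustration, not Authelia's own type.
type PostgresConfig struct {
	Host, Password, SSLMode string
}

// Audit returns one finding per setting that weakens the connection.
func Audit(c PostgresConfig) []string {
	var out []string
	// A bare IPv6 literal parses as an IP; a bracketed one does not.
	if ip := net.ParseIP(c.Host); ip != nil && ip.To4() == nil {
		out = append(out, "host: IPv6 literal must be enclosed in square brackets")
	}
	// The page recommends a random string of 64 characters or more.
	if len(c.Password) < 64 {
		out = append(out, "password: shorter than the recommended 64 characters")
	}
	mode := c.SSLMode
	if mode == "" {
		mode = "disable" // documented default
	}
	switch mode {
	case "disable":
		out = append(out, "ssl.mode: disable sends credentials and data unencrypted")
	case "require":
		out = append(out, "ssl.mode: require encrypts, but certificate verification is not enforced")
	case "verify-ca":
		out = append(out, "ssl.mode: verify-ca does not check the server host name")
	case "verify-full":
		// Encrypted, certificate chain and host name both verified.
	default:
		out = append(out, "ssl.mode: invalid value "+mode)
	}
	return out
}

func main() {
	// Constructed sample: the example values from this page, with ssl.mode left at its default.
	weak := PostgresConfig{Host: "fd00:1111:2222:3333::1", Password: "mypassword"}
	for _, finding := range Audit(weak) {
		fmt.Println(finding)
	}
}
```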
#### root_certificate
{{< confkey type="string" required="no" >}}
The optional location of the root certificate file encoded in the PEM format for validation purposes.
#### certificate
{{< confkey type="string" required="no" >}}
The optional location of the certificate file encoded in the PEM format for validation purposes.
#### key
{{< confkey type="string" required="no" >}}
The optional location of the key file encoded in the PEM format for authentication purposes.