authelia/internal/configuration/test_resources/config_with_secret.yml

---
jwt_secret: secret_from_config

default_redirection_url: https://home.example.com:8080/

server:
  host: 127.0.0.1
  port: 9091

log:
  level: debug

totp:
  issuer: authelia.com

duo_api:
  hostname: api-123456789.example.com
  integration_key: ABCDEF

authentication_backend:
  ldap:
    url: ldap://127.0.0.1
    base_dn: dc=example,dc=com
    username_attribute: uid
    additional_users_dn: ou=users
    users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
    additional_groups_dn: ou=groups
    groups_filter: (&(member={dn})(objectClass=groupOfNames))
    group_name_attribute: cn
    mail_attribute: mail
    user: cn=admin,dc=example,dc=com

access_control:
  default_policy: deny

  rules:
    # Rules applied to everyone
    - domain: public.example.com
      policy: bypass

    - domain: secure.example.com
      policy: one_factor
      # Network based rule, if not provided any network matches.
      networks:
        - 192.168.1.0/24
    - domain: secure.example.com
      policy: two_factor

    - domain: [singlefactor.example.com, onefactor.example.com]
      policy: one_factor

    # Rules applied to 'admins' group
    - domain: "mx2.mail.example.com"
      subject: "group:admins"
      policy: deny
    - domain: "*.example.com"
      subject: "group:admins"
      policy: two_factor

    # Rules applied to 'dev' group
    - domain: dev.example.com
      resources:
        - "^/groups/dev/.*$"
      subject: "group:dev"
      policy: two_factor

    # Rules applied to user 'john'
    - domain: dev.example.com
      resources:
        - "^/users/john/.*$"
      subject: "user:john"
      policy: two_factor

    # Rules applied to 'dev' group and user 'john'
    - domain: dev.example.com
      resources:
        - "^/deny-all.*$"
      subject: ["group:dev", "user:john"]
      policy: deny

    # Rules applied to user 'harry'
    - domain: dev.example.com
      resources:
        - "^/users/harry/.*$"
      subject: "user:harry"
      policy: two_factor

    # Rules applied to user 'bob'
    - domain: "*.mail.example.com"
      subject: "user:bob"
      policy: two_factor
    - domain: "dev.example.com"
      resources:
        - "^/users/bob/.*$"
      subject: "user:bob"
      policy: two_factor

session:
  name: authelia_session
  expiration: 3600000  # 1 hour
  inactivity: 300000  # 5 minutes
  domain: example.com
  redis:
    host: 127.0.0.1
    port: 6379

regulation:
  max_retries: 3
  find_time: 120
  ban_time: 300

storage:
  mysql:
    host: 127.0.0.1
    port: 3306
    database: authelia
    username: authelia

notifier:
  smtp:
    username: test
    host: 127.0.0.1
    port: 1025
    sender: admin@example.com
    disable_require_tls: true
...
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`---`
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00			`jwt_secret: secret_from_config`

feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00			`default_redirection_url: https://home.example.com:8080/`

			`server:`
			`host: 127.0.0.1`
			`port: 9091`

refactor(configuration): use key log instead of logging (#2072) * refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings 2021-06-08 13:15:43 +00:00			`log:`
feat(configuration): add error and warn log levels (#2050) This is so levels like warn and error can be used to exclude info or warn messages. Additionally there is a reasonable refactoring of logging moving the log config options to the logging key because there are a significant number of log options now. This also decouples the expvars and pprof handlers from the log level, and they are now configured by server.enable_expvars and server.enable_pprof at any logging level. 2021-06-01 04:09:50 +00:00			`level: debug`
refactor(configuration): use key log instead of logging (#2072) * refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings 2021-06-08 13:15:43 +00:00
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00			`totp:`
			`issuer: authelia.com`

			`duo_api:`
			`hostname: api-123456789.example.com`
			`integration_key: ABCDEF`

			`authentication_backend:`
			`ldap:`
			`url: ldap://127.0.0.1`
			`base_dn: dc=example,dc=com`
			`username_attribute: uid`
			`additional_users_dn: ou=users`
			`users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))`
			`additional_groups_dn: ou=groups`
perf(authentication): improve ldap dynamic replacement performance (#2239) This change means we only check the filters for the existence of placeholders that cannot be replaced at startup. We then utilized cached results of that lookup for subsequent replacements. 2021-08-05 04:17:07 +00:00			`groups_filter: (&(member={dn})(objectClass=groupOfNames))`
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00			`group_name_attribute: cn`
			`mail_attribute: mail`
			`user: cn=admin,dc=example,dc=com`

			`access_control:`
			`default_policy: deny`

			`rules:`
			`# Rules applied to everyone`
			`- domain: public.example.com`
			`policy: bypass`

			`- domain: secure.example.com`
			`policy: one_factor`
			`# Network based rule, if not provided any network matches.`
			`networks:`
			`- 192.168.1.0/24`
			`- domain: secure.example.com`
			`policy: two_factor`

			`- domain: [singlefactor.example.com, onefactor.example.com]`
			`policy: one_factor`

			`# Rules applied to 'admins' group`
			`- domain: "mx2.mail.example.com"`
			`subject: "group:admins"`
			`policy: deny`
			`- domain: "*.example.com"`
			`subject: "group:admins"`
			`policy: two_factor`

			`# Rules applied to 'dev' group`
			`- domain: dev.example.com`
			`resources:`
			`- "^/groups/dev/.*$"`
			`subject: "group:dev"`
			`policy: two_factor`

			`# Rules applied to user 'john'`
			`- domain: dev.example.com`
			`resources:`
			`- "^/users/john/.*$"`
			`subject: "user:john"`
			`policy: two_factor`

			`# Rules applied to 'dev' group and user 'john'`
			`- domain: dev.example.com`
			`resources:`
			`- "^/deny-all.*$"`
			`subject: ["group:dev", "user:john"]`
[FEATURE] Validate ACLs and add network groups (#1568) * adds validation to ACL's * adds a new networks section that can be used as aliases in other sections (currently access_control) 2021-01-04 10:55:23 +00:00			`policy: deny`
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00
			`# Rules applied to user 'harry'`
			`- domain: dev.example.com`
			`resources:`
			`- "^/users/harry/.*$"`
			`subject: "user:harry"`
			`policy: two_factor`

			`# Rules applied to user 'bob'`
			`- domain: "*.mail.example.com"`
			`subject: "user:bob"`
			`policy: two_factor`
			`- domain: "dev.example.com"`
			`resources:`
			`- "^/users/bob/.*$"`
			`subject: "user:bob"`
			`policy: two_factor`

			`session:`
			`name: authelia_session`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`expiration: 3600000 # 1 hour`
			`inactivity: 300000 # 5 minutes`
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes 2020-04-23 01:11:32 +00:00			`domain: example.com`
			`redis:`
			`host: 127.0.0.1`
			`port: 6379`

			`regulation:`
			`max_retries: 3`
			`find_time: 120`
			`ban_time: 300`

			`storage:`
			`mysql:`
			`host: 127.0.0.1`
			`port: 3306`
			`database: authelia`
			`username: authelia`

			`notifier:`
			`smtp:`
			`username: test`
			`host: 127.0.0.1`
			`port: 1025`
			`sender: admin@example.com`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`disable_require_tls: true`
			`...`