authelia/docs/configuration/migration.md

---
layout: default
title: Migration
parent: Configuration
nav_order: 6
---

This section documents changes in the configuration which may require manual migration by the administrator. Typically
this only occurs when a configuration key is renamed or moved to a more appropriate location.

## Format

The migrations are formatted in a table with the old key and the new key. Periods indicate a different section which can
be represented in YAML as a dictionary i.e. it's indented.

In our table `server.host` with a value of `0.0.0.0` is represented in YAML like this:

```yaml
server:
  host: 0.0.0.0
```

## Policy
Our deprecation policy for configuration keys is 3 minor versions. For example if a configuration option is deprecated
in version 4.30.0, it will remain as a warning for 4.30.x, 4.31.x, and 4.32.x; then it will become a fatal error in
4.33.0+. 

## Migrations

### 4.33.0
The options deprecated in version [4.30.0](#4300) have been fully removed as per our deprecation policy and warnings
logged for users.

### 4.30.0
The following changes occurred in 4.30.0:

|Previous Key |New Key               |
|:-----------:|:--------------------:|
|host         |server.host           |
|port         |server.port           |
|tls_key      |server.tls.key        |
|tls_cert     |server.tls.certificate|
|log_level    |log.level             |
|log_file_path|log.file_path         |
|log_format   |log.format            |

_**Please Note:** you can no longer define secrets for providers that you are not using. For example if you're using the 
[filesystem notifier](./notifier/filesystem.md) you must ensure that the `AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE` 
environment variable or other environment variables set. This also applies to other providers like 
[storage](./storage/index.md) and [authentication backend](./authentication/index.md)._

#### Kubernetes 4.30.0

_**Please Note:** if you're using Authelia with Kubernetes and are not using the provided [helm chart](https://charts.authelia.com)
you will be required to set the following option in your PodSpec. Keeping in mind this example is for a Pod, not for
a Deployment, StatefulSet, or DaemonSet; you will need to adapt the `enableServiceLinks` option to fit into the relevant
location depending on your needs._

```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: authelia
spec:
  enableServiceLinks: false
...
```

### 4.25.0

The following changes occurred in 4.25.0:

|Previous Key                                   |New Key                                        |
|:---------------------------------------------:|:---------------------------------------------:|
|authentication_backend.ldap.tls.skip_verify    |authentication_backend.ldap.tls.skip_verify    |
|authentication_backend.ldap.minimum_tls_version|authentication_backend.ldap.tls.minimum_version|
|notifier.smtp.disable_verify_cert              |notifier.smtp.tls.skip_verify                  |
|notifier.smtp.trusted_cert                     |certificates_directory                         |

_**Please Note:** `certificates_directory` is not a direct replacement for the `notifier.smtp.trusted_cert`, instead
of being the path to a specific file it is a path to a directory containing certificates trusted by Authelia. This
affects other services like LDAP as well._

### 4.7.0

The following changes occurred in 4.7.0:

|Previous Key|New Key  |
|:----------:|:-------:|
|logs_level  |log_level|
|logs_file   |log_file |

_**Please Note:** The new keys also changed in [4.30.0](#4.30.0) so you will need to update them to the new values if you
are using [4.30.0](#4.30.0) or newer instead of the new keys listed here._