---
layout: default
title: PostgreSQL
parent: Storage Backends
grand_parent: Configuration
nav_order: 3
---
# PostgreSQL
The PostgreSQL storage provider.
## Version support
See [PostgreSQL support](https://www.postgresql.org/support/versioning/) for the versions supported by PostgreSQL. We
recommend the _current minor_ version of one of the versions supported by PostgreSQL.
The versions of PostgreSQL that should be supported by Authelia are:
- 14
- 13
- 12
- 11
- 10
- 9.6
## Configuration
```yaml
storage:
encryption_key: a_very_important_secret
postgres:
host: 127.0.0.1
port: 5432
database: authelia
schema: public
username: authelia
password: mypassword
ssl:
mode: disable
root_certificate: /path/to/root_cert.pem
certificate: /path/to/cert.pem
key: /path/to/key.pem
```
## Options
### encryption_key
See the [encryption_key docs](./index.md#encryption_key).
### host
type: string
{: .label .label-config .label-purple }
required: yes
{: .label .label-config .label-red }
The database server host.
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
```yaml
host: "[fd00:1111:2222:3333::1]"
```
### port
type: integer
{: .label .label-config .label-purple }
default: 5432
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
The port the database server is listening on.
### database
type: string
{: .label .label-config .label-purple }
required: yes
{: .label .label-config .label-red }
The database name on the database server that the assigned [user](#username) has access to for the purpose of
**Authelia**.
### schema
type: string
{: .label .label-config .label-purple }
default: public
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
The database schema name to use on the database server that the assigned [user](#username) has access to for the purpose
of **Authelia**. By default this is the public schema.
### username
type: string
{: .label .label-config .label-purple }
required: yes
{: .label .label-config .label-red }
The username paired with the password used to connect to the database.
### password
type: string
{: .label .label-config .label-purple }
required: yes
{: .label .label-config .label-red }
The password paired with the username used to connect to the database. Can also be defined using a
[secret](../secrets.md) which is also the recommended way when running as a container.
### timeout
type: duration
{: .label .label-config .label-purple }
default: 5s
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
The SQL connection timeout.
### ssl
#### mode
type: string
{: .label .label-config .label-purple }
default: disable
{: .label .label-config .label-blue }
required: no
{: .label .label-config .label-green }
SSL mode configures how to handle SSL connections with Postgres.
Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'.
See the [PostgreSQL Documentation](https://www.postgresql.org/docs/12/libpq-ssl.html)
or [pgx - PostgreSQL Driver and Toolkit Documentation](https://pkg.go.dev/github.com/jackc/pgx?tab=doc)
for more information.
#### root_certificate
type: string
{: .label .label-config .label-purple }
required: no
{: .label .label-config .label-green }
The optional location of the root certificate file encoded in the PEM format for validation purposes.
#### certificate
type: string
{: .label .label-config .label-purple }
required: no
{: .label .label-config .label-green }
The optional location of the certificate file encoded in the PEM format for validation purposes.
#### key
type: string
{: .label .label-config .label-purple }
required: no
{: .label .label-config .label-green }
The optional location of the key file encoded in the PEM format for authentication purposes.