181 lines
4.1 KiB
Markdown
181 lines
4.1 KiB
Markdown
---
|
|
layout: default
|
|
title: PostgreSQL
|
|
parent: Storage Backends
|
|
grand_parent: Configuration
|
|
nav_order: 3
|
|
---
|
|
|
|
# PostgreSQL
|
|
|
|
The PostgreSQL storage provider.
|
|
|
|
## Version support
|
|
|
|
See [PostgreSQL support](https://www.postgresql.org/support/versioning/) for the versions supported by PostgreSQL. We
|
|
recommend the _current minor_ version of one of the versions supported by PostgreSQL.
|
|
|
|
The versions of PostgreSQL that should be supported by Authelia are:
|
|
- 14
|
|
- 13
|
|
- 12
|
|
- 11
|
|
- 10
|
|
- 9.6
|
|
|
|
## Configuration
|
|
|
|
```yaml
|
|
storage:
|
|
encryption_key: a_very_important_secret
|
|
postgres:
|
|
host: 127.0.0.1
|
|
port: 5432
|
|
database: authelia
|
|
schema: public
|
|
username: authelia
|
|
password: mypassword
|
|
ssl:
|
|
mode: disable
|
|
root_certificate: /path/to/root_cert.pem
|
|
certificate: /path/to/cert.pem
|
|
key: /path/to/key.pem
|
|
```
|
|
|
|
## Options
|
|
|
|
### encryption_key
|
|
See the [encryption_key docs](./index.md#encryption_key).
|
|
|
|
### host
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: yes
|
|
{: .label .label-config .label-red }
|
|
</div>
|
|
|
|
The database server host.
|
|
|
|
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
|
|
```yaml
|
|
host: "[fd00:1111:2222:3333::1]"
|
|
```
|
|
|
|
### port
|
|
<div markdown="1">
|
|
type: integer
|
|
{: .label .label-config .label-purple }
|
|
default: 5432
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The port the database server is listening on.
|
|
|
|
### database
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: yes
|
|
{: .label .label-config .label-red }
|
|
</div>
|
|
|
|
The database name on the database server that the assigned [user](#username) has access to for the purpose of
|
|
**Authelia**.
|
|
|
|
### schema
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: public
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The database schema name to use on the database server that the assigned [user](#username) has access to for the purpose
|
|
of **Authelia**. By default this is the public schema.
|
|
|
|
### username
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: yes
|
|
{: .label .label-config .label-red }
|
|
</div>
|
|
|
|
The username paired with the password used to connect to the database.
|
|
|
|
### password
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: yes
|
|
{: .label .label-config .label-red }
|
|
</div>
|
|
|
|
The password paired with the username used to connect to the database. Can also be defined using a
|
|
[secret](../secrets.md) which is also the recommended way when running as a container.
|
|
|
|
### timeout
|
|
<div markdown="1">
|
|
type: duration
|
|
{: .label .label-config .label-purple }
|
|
default: 5s
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The SQL connection timeout.
|
|
|
|
### ssl
|
|
|
|
#### mode
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
default: disable
|
|
{: .label .label-config .label-blue }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
SSL mode configures how to handle SSL connections with Postgres.
|
|
Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'.
|
|
See the [PostgreSQL Documentation](https://www.postgresql.org/docs/12/libpq-ssl.html)
|
|
or [pgx - PostgreSQL Driver and Toolkit Documentation](https://pkg.go.dev/github.com/jackc/pgx?tab=doc)
|
|
for more information.
|
|
|
|
#### root_certificate
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The optional location of the root certificate file encoded in the PEM format for validation purposes.
|
|
|
|
#### certificate
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The optional location of the certificate file encoded in the PEM format for validation purposes.
|
|
|
|
#### key
|
|
<div markdown="1">
|
|
type: string
|
|
{: .label .label-config .label-purple }
|
|
required: no
|
|
{: .label .label-config .label-green }
|
|
</div>
|
|
|
|
The optional location of the key file encoded in the PEM format for authentication purposes.
|