RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/docs/content/en/configuration/storage/postgres.md

142 lines
3.4 KiB
Markdown
Raw Blame History

---
title: "PostgreSQL"
description: "PostgreSQL Configuration"
lead: "The PostgreSQL storage provider."
date: 2022-03-20T12:52:27+11:00
draft: false
images: []
menu:
configuration:
parent: "storage"
weight: 106400
toc: true
aliases:
- /docs/configuration/storage/postgres.html
---
## Version support
See [PostgreSQL support](https://www.postgresql.org/support/versioning/) for the versions supported by PostgreSQL. We
recommend the *current minor* version of one of the versions supported by PostgreSQL.
The versions of PostgreSQL that should be supported by Authelia are:
* 14
* 13
* 12
* 11
* 10
* 9.6
## Configuration
```yaml
storage:
encryption_key: a_very_important_secret
postgres:
host: 127.0.0.1
port: 5432
database: authelia
schema: public
username: authelia
password: mypassword
ssl:
mode: disable
root_certificate: /path/to/root_cert.pem
certificate: /path/to/cert.pem
key: /path/to/key.pem
```
## Options
### encryption_key
See the [encryption_key docs](introduction.md#encryption_key).
### host
{{< confkey type="string" required="yes" >}}
The database server host.
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
```yaml
host: "[fd00:1111:2222:3333::1]"
```
### port
{{< confkey type="integer" default="5432" required="no" >}}
The port the database server is listening on.
### database
{{< confkey type="string" required="yes" >}}
The database name on the database server that the assigned [user](#username) has access to for the purpose of
__Authelia__.
### schema
{{< confkey type="string" default="public" required="no" >}}
The database schema name to use on the database server that the assigned [user](#username) has access to for the purpose
of __Authelia__. By default this is the public schema.
### username
{{< confkey type="string" required="yes" >}}
The username paired with the password used to connect to the database.
### password
{{< confkey type="string" required="yes" >}}
*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
especially for containerized deployments.*
The password paired with the [username](#username) used to connect to the database.
It's __strongly recommended__ this is a
[Random Alphanumeric String](../miscellaneous/guides.md#generating-a-random-alphanumeric-string) with 64 or more
characters and the user password is changed to this value.
### timeout
{{< confkey type="duration" default="5s" required="no" >}}
The SQL connection timeout.
### ssl
#### mode
{{< confkey type="string" default="disable" required="no" >}}
SSL mode configures how to handle SSL connections with Postgres.
Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'.
See the [PostgreSQL Documentation](https://www.postgresql.org/docs/12/libpq-ssl.html)
or [pgx - PostgreSQL Driver and Toolkit Documentation](https://pkg.go.dev/github.com/jackc/pgx?tab=doc)
for more information.
#### root_certificate
{{< confkey type="string" required="no" >}}
The optional location of the root certificate file encoded in the PEM format for validation purposes.
#### certificate
{{< confkey type="string" required="no" >}}
The optional location of the certificate file encoded in the PEM format for validation purposes.
#### key
{{< confkey type="string" required="no" >}}
The optional location of the key file encoded in the PEM format for authentication purposes.
Reference in New Issue View Git Blame Copy Permalink