authelia/docs/configuration/storage/postgres.md

layout	title	parent	grand_parent	nav_order
default	PostgreSQL	Storage Backends	Configuration	3

PostgreSQL

The PostgreSQL storage provider.

Version support

See PostgreSQL support for the versions supported by PostgreSQL. We recommend the current minor version of one of the versions supported by PostgreSQL.

The versions of PostgreSQL that should be supported by Authelia are:

• 14
• 13
• 12
• 11
• 10
• 9.6

Configuration

storage:
  encryption_key: a_very_important_secret
  postgres:
    host: 127.0.0.1
    port: 5432
    database: authelia
    schema: public
    username: authelia
    password: mypassword
    ssl:
      mode: disable
      root_certificate: /path/to/root_cert.pem
      certificate: /path/to/cert.pem
      key: /path/to/key.pem

Options

encryption_key

See the encryption_key docs.

host

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The database server host.

If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:

host: "[fd00:1111:2222:3333::1]"

port

type: integer {: .label .label-config .label-purple } default: 5432 {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The port the database server is listening on.

database

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The database name on the database server that the assigned user has access to for the purpose of Authelia.

schema

type: string {: .label .label-config .label-purple } default: public {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The database schema name to use on the database server that the assigned user has access to for the purpose of Authelia. By default this is the public schema.

username

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The username paired with the password used to connect to the database.

password

type: string {: .label .label-config .label-purple } required: yes {: .label .label-config .label-red }

The password paired with the username used to connect to the database. Can also be defined using a secret which is also the recommended way when running as a container.

timeout

type: duration {: .label .label-config .label-purple } default: 5s {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

The SQL connection timeout.

ssl

mode

type: string {: .label .label-config .label-purple } default: disable {: .label .label-config .label-blue } required: no {: .label .label-config .label-green }

SSL mode configures how to handle SSL connections with Postgres. Valid options are 'disable', 'require', 'verify-ca', or 'verify-full'. See the PostgreSQL Documentation or pgx - PostgreSQL Driver and Toolkit Documentation for more information.

root_certificate

type: string {: .label .label-config .label-purple } required: no {: .label .label-config .label-green }

The optional location of the root certificate file encoded in the PEM format for validation purposes.

certificate

type: string {: .label .label-config .label-purple } required: no {: .label .label-config .label-green }

The optional location of the certificate file encoded in the PEM format for validation purposes.

key

type: string {: .label .label-config .label-purple } required: no {: .label .label-config .label-green }

The optional location of the key file encoded in the PEM format for authentication purposes.