File

Authelia supports a file-based first factor user provider. This section describes how to configure it.

Configuration

authentication_backend:
  file:
    path: /config/users.yml
    password:
      algorithm: argon2id
      iterations: 3
      key_length: 32
      salt_length: 16
      parallelism: 4
      memory: 64

Options

path

string required

The path to the file with the user details list. Supported file types are:

password

algorithm

string argon2id not required

Controls the hashing algorithm used for hashing new passwords. Value must be one of:

iterations

integer not required

Controls the number of hashing iterations done by the other hashing settings (Argon2 parameter t, SHA Crypt parameter rounds). This affects the effective cost of hashing.

| Algorithm | Minimum | Default | Recommended |
|-----------|---------|---------|-------------|
| argon2id | 1 | 3 | See Recommendations |
| sha512 | 1000 | 50000 | See Recommendations |

key_length

integer 32 not required

Important: This setting is specific to the argon2id algorithm and unused with the sha512 algorithm.

Sets the key length of the Argon2 hash output. The minimum value is 16 with the recommended value of 32 being set as the default.

salt_length

integer 16 not required

Controls the length of the random salt added to each password before hashing. There is no compelling reason to set this to anything other than 16; however, the minimum is 8, with the recommended value of 16 set as the default.

parallelism

integer 4 not required

Important: This setting is specific to the argon2id algorithm and unused with the sha512 algorithm.

Sets the number of threads used by Argon2 when hashing passwords (Argon2 parameter p). The minimum value is 1 with the recommended value of 4 being set as the default. This affects the effective cost of hashing.

memory

integer 64 not required

Important: This setting is specific to the argon2id algorithm and unused with the sha512 algorithm.

Sets the amount of memory in megabytes allocated to a single password hashing calculation (Argon2 parameter m). This affects the effective cost of hashing.

This memory is released by Go after the hashing process completes. However, the operating system may not reclaim the memory until a later time, such as when the system is experiencing memory pressure, which may make it appear that more memory is in use than Authelia is actively using. Authelia will typically reuse this memory if it has not been reclaimed, as long as another hashing calculation is not still utilizing it.
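These settings apply when a password is hashed, so an entry already in the users file keeps the parameters it was created with. The following added example (not Authelia's own code) parses stored argon2id hashes and reports every value that is below the configuration shown on this page. It assumes the standard Argon2 encoded form `$argon2id$v=19$m=...,t=...,p=...$salt$hash` with m in KiB and unpadded base64 fields; the function names and the sample hashes are constructed for illustration.

```python
import base64

# Values from the configuration on this page (memory is in megabytes).
CONFIG = {"iterations": 3, "key_length": 32, "salt_length": 16,
          "parallelism": 4, "memory": 64}

def _b64len(field):
    """Byte length of an unpadded base64 field (assumed PHC encoding)."""
    return len(base64.b64decode(field + "=" * (-len(field) % 4)))

def parse_argon2(encoded):
    """Map an encoded argon2id hash onto the option names used in the config."""
    parts = encoded.split("$")
    if len(parts) != 6 or parts[1] != "argon2id":
        raise ValueError("not an argon2id encoded hash")
    params = dict(kv.split("=", 1) for kv in parts[3].split(","))
    return {
        "iterations": int(params["t"]),
        "parallelism": int(params["p"]),
        # Assumption: encoded m is KiB and 1 MB in the config means 1024 KiB.
        "memory": int(params["m"]) // 1024,
        "salt_length": _b64len(parts[4]),
        "key_length": _b64len(parts[5]),
    }

def weaker_than_config(encoded, config=CONFIG):
    """Return {option: (stored, configured)} for each stored value below config."""
    stored = parse_argon2(encoded)
    return {k: (stored[k], config[k]) for k in config if stored[k] < config[k]}

def sample_hash(m_kib, t, p, salt_len, key_len):
    """Build a CONSTRUCTED encoded hash (all-zero salt and digest) for the demo."""
    enc = lambda n: base64.b64encode(bytes(n)).decode().rstrip("=")
    return f"$argon2id$v=19$m={m_kib},t={t},p={p}${enc(salt_len)}${enc(key_len)}"

if __name__ == "__main__":
    # Constructed users; real input would be the hash strings from the users file.
    users = {
        "current": sample_hash(65536, 3, 4, 16, 32),
        "legacy": sample_hash(32768, 1, 8, 16, 32),
    }
    for name, encoded in users.items():
        findings = weaker_than_config(encoded)
        print(name, "OK" if not findings else f"below config: {findings}")
```

An entry reported as below the configuration only picks up the current settings when its password is hashed again.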

Reference

A reference guide exists specifically for choosing password hashing values. That guide contains far more information than is practical to include in this configuration document. See the Passwords Reference Guide for more information.

This guide contains examples such as the User / Password File.