PostgreSQL

The PostgreSQL storage provider.

Version support

See PostgreSQL support for the versions supported by PostgreSQL. We recommend the current minor version of one of the versions supported by PostgreSQL.

The versions of PostgreSQL that should be supported by Authelia are:

  • 14
  • 13
  • 12
  • 11
  • 10
  • 9.6

Configuration

storage:
  encryption_key: a_very_important_secret
  postgres:
    host: 127.0.0.1
    port: 5432
    database: authelia
    schema: public
    username: authelia
    password: mypassword
    ssl:
      mode: disable
      root_certificate: /path/to/root_cert.pem
      certificate: /path/to/cert.pem
      key: /path/to/key.pem

Options

encryption_key

See the encryption_key docs.

host

string required

The database server host.

If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:

host: "[fd00:1111:2222:3333::1]"

port

integer 5432 not required

The port the database server is listening on.

database

string required

The database name on the database server that the assigned user has access to for the purpose of Authelia.

schema

string public not required

The database schema name to use on the database server that the assigned user has access to for the purpose of Authelia. By default this is the public schema.

username

string required

The username paired with the password used to connect to the database.

password

string required

Important Note: This can also be defined using a secret which is strongly recommended especially for containerized deployments.

The password paired with the username used to connect to the database.

It’s strongly recommended this is a Random Alphanumeric String with 64 or more characters and the user password is changed to this value.

timeout

duration 5s not required

The SQL connection timeout.

ssl

mode

string disable not required

SSL mode configures how to handle SSL connections with Postgres. Valid options are ‘disable’, ‘require’, ‘verify-ca’, or ‘verify-full’. See the PostgreSQL Documentation or pgx - PostgreSQL Driver and Toolkit Documentation for more information.

root_certificate

string not required

The optional location of the root certificate file encoded in the PEM format for validation purposes.

certificate

string not required

The optional location of the certificate file encoded in the PEM format for validation purposes.

key

string not required

The optional location of the key file encoded in the PEM format for authentication purposes.