Fork me on GitHub Link Search Menu Expand Document Survey contribution
Help the team improve Authelia by taking this 10-second survey.

This section documents changes in the configuration which may require manual migration by the administrator. Typically this only occurs when a configuration key is renamed or moved to a more appropriate location.


The migrations are formatted in a table with the old key and the new key. Periods indicate a different section which can be represented in YAML as a dictionary i.e. it’s indented.

In our table with a value of is represented in YAML like this:



Our deprecation policy for configuration keys is 3 minor versions. For example if a configuration option is deprecated in version 4.30.0, it will remain as a warning for 4.30.x, 4.31.x, and 4.32.x; then it will become a fatal error in 4.33.0+.



The options deprecated in version 4.30.0 have been fully removed as per our deprecation policy and warnings logged for users.


The following changes occurred in 4.30.0:

Previous Key New Key
port server.port
tls_key server.tls.key
tls_cert server.tls.certificate
log_level log.level
log_file_path log.file_path
log_format log.format

Please Note: you can no longer define secrets for providers that you are not using. For example if you’re using the filesystem notifier you must ensure that the AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE environment variable or other environment variables set. This also applies to other providers like storage and authentication backend.

Kubernetes 4.30.0

Please Note: if you’re using Authelia with Kubernetes and are not using the provided helm chart you will be required to set the following option in your PodSpec. Keeping in mind this example is for a Pod, not for a Deployment, StatefulSet, or DaemonSet; you will need to adapt the enableServiceLinks option to fit into the relevant location depending on your needs.

apiVersion: v1
kind: Pod
  name: authelia
  enableServiceLinks: false


The following changes occurred in 4.25.0:

Previous Key New Key
authentication_backend.ldap.tls.skip_verify authentication_backend.ldap.tls.skip_verify
authentication_backend.ldap.minimum_tls_version authentication_backend.ldap.tls.minimum_version
notifier.smtp.disable_verify_cert notifier.smtp.tls.skip_verify
notifier.smtp.trusted_cert certificates_directory

Please Note: certificates_directory is not a direct replacement for the notifier.smtp.trusted_cert, instead of being the path to a specific file it is a path to a directory containing certificates trusted by Authelia. This affects other services like LDAP as well.


The following changes occurred in 4.7.0:

Previous Key New Key
logs_level log_level
logs_file log_file

Please Note: The new keys also changed in 4.30.0 so you will need to update them to the new values if you are using 4.30.0 or newer instead of the new keys listed here.