PostgreSQL

Version support

See the PostgreSQL Database Integration reference guide for supported version information.


Configuration

Example Configuration

This section is an example configuration intended to give users a rough contextual layout of this configuration section; it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the Options section below and the navigation links to properly understand each option individually.

configuration.yml
storage:
  encryption_key: 'a_very_important_secret'
  postgres:
    address: 'tcp://127.0.0.1:5432'
    database: 'authelia'
    schema: 'public'
    username: 'authelia'
    password: 'mypassword'
    timeout: '5s'
    tls:
      server_name: 'postgres.example.com'
      skip_verify: false
      minimum_version: 'TLS1.2'
      maximum_version: 'TLS1.3'
      certificate_chain: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      private_key: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----

Options

This section describes the individual configuration options.

encryption_key

See the encryption_key docs.

address

string address required

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Address reference guide.

Configures the address for the PostgreSQL Server. The address itself is a connector, and the scheme must be either the unix scheme or one of the tcp schemes.

Examples:

configuration.yml
storage:
  postgres:
    address: 'tcp://127.0.0.1:5432'
configuration.yml
storage:
  postgres:
    address: 'tcp://[fd00:1111:2222:3333::1]:5432'
configuration.yml
storage:
  postgres:
    address: 'unix:///var/run/postgres.sock'

database

string required

The database name on the database server that the assigned user has access to for the purpose of Authelia.

schema

string public not required

The database schema name to use on the database server that the assigned user has access to for the purpose of Authelia. By default this is the public schema.

username

string required

The username paired with the password used to connect to the database.

password

string required

Important Note

This can also be defined using a secret, which is strongly recommended, especially for containerized deployments.

The password paired with the username used to connect to the database.

It’s strongly recommended that this is a Random Alphanumeric String with 64 or more characters, and that the user's password is changed to this value.

timeout

string integer duration 5 seconds not required

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.

The SQL connection timeout.

tls

structure tls not required

Reference Note

This configuration option uses a common structure. For more information please see both the configuration example and the Common Structure: TLS reference guide.

If defined, this enables connecting over a TLS socket and additionally controls the TLS connection verification parameters for the PostgreSQL server.

By default, Authelia uses the system certificate trust for TLS certificate verification of TLS connections, and the certificates_directory global option can be used to augment this.
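
The following is an added example, not part of Authelia or its documentation: a small pre-deployment check that applies the recommendations on this page (address scheme, password handling, TLS verification) to an already parsed storage mapping. The helper name audit_postgres, the reading of "tcp schemes" as tcp, tcp4 and tcp6, and the sample mappings are assumptions made for illustration.

```python
import string
from urllib.parse import urlsplit

# Assumption: "one of the tcp schemes" means tcp, tcp4 or tcp6.
ALLOWED_SCHEMES = {"tcp", "tcp4", "tcp6", "unix"}
ACCEPTED_MIN_TLS = {"TLS1.2", "TLS1.3"}  # the two values shown on this page
ALNUM = set(string.ascii_letters + string.digits)


def audit_postgres(storage):
    """Return findings for a parsed `storage` mapping (hypothetical helper)."""
    findings = []
    pg = storage.get("postgres", {})
    for key in ("address", "database", "username"):
        if not pg.get(key):
            findings.append(f"{key}: required option is missing")
    scheme = urlsplit(pg.get("address", "")).scheme
    if pg.get("address") and scheme not in ALLOWED_SCHEMES:
        findings.append(f"address: scheme '{scheme}' is not unix or tcp")

    password = pg.get("password")
    if password is not None:  # absent is treated as "supplied through a secret"
        findings.append("password: set inline instead of through a secret")
        if len(password) < 64 or not set(password) <= ALNUM:
            findings.append("password: not a 64+ character alphanumeric string")

    tls = pg.get("tls")
    if tls is None:
        if scheme.startswith("tcp"):
            findings.append("tls: not defined, so the TCP connection is not over TLS")
    else:
        if tls.get("skip_verify", False):
            findings.append("tls.skip_verify: certificate verification is disabled")
        minimum = tls.get("minimum_version")
        if minimum is not None and minimum not in ACCEPTED_MIN_TLS:
            findings.append(f"tls.minimum_version: '{minimum}' is not TLS1.2 or TLS1.3")
    return findings


# Constructed sample inputs: the page's example values, then a weakened variant.
PAGE_EXAMPLE = {"postgres": {
    "address": "tcp://127.0.0.1:5432", "database": "authelia",
    "username": "authelia", "password": "mypassword",
    "tls": {"skip_verify": False, "minimum_version": "TLS1.2"}}}
WEAKENED = {"postgres": {
    "address": "http://db.example.com:5432", "database": "authelia",
    "username": "authelia",
    "tls": {"skip_verify": True, "minimum_version": "TLS1.0"}}}

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("weakened", WEAKENED)):
        print(name, audit_postgres(cfg))
```

The page's own example values produce two findings, both about the inline `mypassword`; removing the `password` key in favour of a secret clears them.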