Additional environment variables to provide to authelia

Name is used as a suffix for the service name, user, and group

Multi-domain protection currently requires multiple instances of Authelia

It is recommended you keep your secrets separate from the configuration

Here you can provide authelia with configuration files or directories

Configuring authelia's secret files via the secrets attribute set is intended to be convenient and help catch cases where values are required to run at all

Path to your JWT secret used during identity verificaton.

Path to your HMAC secret used to sign OIDC JWTs.

Path to your session secret

Path to your private key file used to encrypt OIDC JWTs.

Path to your storage encryption key.

LiveKit key file holding one or multiple application secrets

A list of files containing the various secrets

LiveKit key file holding one or multiple application secrets

config.xml configuration as a Nix attribute set

List of paths files that follows systemd environmentfile structure

Secrets to append to the initrd

Secrets to run PeerTube

A list of files containing the various secrets

File containing environment variables to substitute when copying the configuration out of Nix store to the services.mautrix-meta.dataDir

The name of the user for this authelia instance.

A list of files containing the various secrets

The name of the group for this authelia instance.

A file containing the secrets for the dynamic DNS provider

Whether to enable Authelia instance.

A file containing the secret used to encrypt secrets for OTP tokens

A file containing the various secrets

A list of paths to NNCP configuration files that should not be in the Nix store

yaml file containing all secrets. this needs to be in the same structure as the configuration

Path of a file with extra environment variables to be loaded from disk

Path to file containing secrets for Pomerium, in systemd EnvironmentFile format

Secret files to read into entries in config.php

This is a small wrapper over systemd's LoadCredential

A file containing the secret used to encrypt variables in the DB

A file containing the secret used to encrypt session keys

Default location for kubernetes secrets

Attribute set of filesystem paths

A list of paths to IPSec secret files

File containing the access token for Draupnir's Matrix account to be used in place of services.draupnir.settings.accessToken.

A file containing the secret used to encrypt variables in the DB

The authelia package to use.

File consisting of lines of the form varname=value to define variables for the wireless configuration

The secret data used to encode the SRS address. to generate, use a command like: for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/ -$//' | sed 's/^/ /'; done

Secret keys used for signing and verification.

A list of files containing the various secrets

EAP secret section for a specific secret

Path to the file containing the secret keys.

A file containing the salt for active record encryption in the DB

Your Authelia config.yml as a Nix attribute set

Sensitive configuration values such as passwords, API keys, and tokens

NTLM secret section for a specific secret

The theme to display.

EAP secret section for a specific secret

Level of verbosity for logs.

Format the logs are written as.

Secrets like SECRET_KEY_BASE and BASIC_AUTH_PASSWORD should be passed to the service without adding them to the world-readable Nix store

uWSGI configuration

Instance ID for when running multiple processes (default null).

Instance name used to distinguish between different instances

Path to a JSON file containing secrets for effects

Path to a JSON file containing secrets for effects

A file containing the secret used to encrypt some rails data in the DB

Private key decryption passphrase for a key in the rsa folder.

Postquantum Preshared Key (PPK) section for a specific secret

IKE preshared secret section for a specific secret

The instance ID to listen for events for.

Private key decryption passphrase for a key in the ecdsa folder.

Definition for a private key that's stored on a token/smartcard/TPM.

Private key decryption passphrase for a key in the pkcs8 folder.

The address to listen on.

JSON file containing secret keys

TLS certificates are obtained by modules called "certificate loaders"

File name in the rsa folder for which this passphrase should be used.

PKCS#12 decryption passphrase for a container in the pkcs12 folder.

File path where the logs will be written

Instance name.

The instance url to which the provisioning tool should connect.

PPK identity the PPK belongs to

Identity the EAP/XAuth secret belongs to

Optional slot number to access the token.

IKE identity the IKE preshared secret belongs to

Path to the API key to authenticate with a local CrowdSec API

File name in the ecdsa folder for which this passphrase should be used.

File name in the pkcs8 folder for which this passphrase should be used.

Identity the NTLM secret belongs to

Private key decryption passphrase for a key in the private folder.

Value of decryption passphrase for RSA key.

Instance administrator email.

Optional PIN required to access the key on the token

Identity the EAP/XAuth secret belongs to

File name in the pkcs12 folder for which this passphrase should be used.

Value of decryption passphrase for ECDSA key.

Value of decryption passphrase for PKCS#8 key.

Optional PKCS#11 module name to access the token.

Path to file that contains LDAP password for user in {option}`ldap.username

File name in the private folder for which this passphrase should be used.

Hex-encoded CKA_ID or handle of the private key on the token or TPM, respectively.

Value of the EAP/XAuth secret

Value of the IKE preshared secret

Value of decryption passphrase for PKCS#12 container.