2021-03-12 15:43:31 +00:00
---
2021-05-05 17:52:07 +00:00
title: Configuration
2021-03-12 15:43:31 +00:00
---
2021-05-05 17:52:07 +00:00
These are all the configuration options you can set via environment variables.
2021-03-12 15:43:31 +00:00
Append any of the following keys to your `.env` file, and run `docker-compose up -d` to apply them.
2021-05-08 15:14:14 +00:00
:::info
The double-underscores are intentional, as all these settings are translated to yaml internally, a double-underscore indicates the next level.
:::
All of these variables can be set to values, but you can also use a URI-like format to load values from other places:
- `env://<name>` Loads the value from the environment variable `<name>` . Fallback can be optionally set like `env://<name>?<default>`
- `file://<name>` Loads the value from the file `<name>` . Fallback can be optionally set like `file://<name>?<default>`
## PostgreSQL Settings
- `AUTHENTIK_POSTGRESQL__HOST` : Hostname of your PostgreSQL Server
- `AUTHENTIK_POSTGRESQL__NAME` : Database name
- `AUTHENTIK_POSTGRESQL__USER` : Database user
2021-08-12 00:24:36 +00:00
- `AUTHENTIK_POSTGRESQL__PORT` : Database port, defaults to 5432
2021-05-08 15:14:14 +00:00
- `AUTHENTIK_POSTGRESQL__PASSWORD` : Database password, defaults to the environment variable `POSTGRES_PASSWORD`
2021-09-02 07:41:31 +00:00
### PostgreSQL Backup Settings
2021-10-26 15:04:27 +00:00
- `AUTHENTIK_POSTGRESQL__BACKUP__ENABLED` : Controls if the inbuilt backup-mechanism is enabled, defaults to true (new in 2021.10).
2021-09-02 07:41:31 +00:00
Optionally enable automated database backups to S3 or S3-compatible storages.
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__ACCESS_KEY` : S3 Access Key
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__SECRET_KEY` : S3 Secret Key
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__BUCKET` : S3 Bucket
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__REGION` : S3 Region, defaults to `eu-central-1`
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__LOCATION` : Relative Location of the files to the bucket. Defaults to the root of the bucket.
To use an S3-compatible storage, set the following settings.
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__HOST` : URL to the Service, for example `https://play.min.io`
- `AUTHENTIK_POSTGRESQL__S3_BACKUP__INSECURE_SKIP_VERIFY` : Set to `true` to disable SSL Certificate verification.
2021-05-08 15:14:14 +00:00
## Redis Settings
- `AUTHENTIK_REDIS__HOST` : Hostname of your Redis Server
- `AUTHENTIK_REDIS__PASSWORD` : Password for your Redis Server
- `AUTHENTIK_REDIS__CACHE_DB` : Database for caching, defaults to 0
- `AUTHENTIK_REDIS__MESSAGE_QUEUE_DB` : Database for the message queue, defaults to 1
- `AUTHENTIK_REDIS__WS_DB` : Database for websocket connections, defaults to 2
2021-08-07 20:12:22 +00:00
- `AUTHENTIK_REDIS__OUTPOST_SESSION_DB` : Database for sessions for the embedded outpost, defaults to 3
2021-06-21 08:18:49 +00:00
- `AUTHENTIK_REDIS__CACHE_TIMEOUT` : Timeout for cached data until it expires in seconds, defaults to 300
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_FLOWS` : Timeout for cached flow plans until they expire in seconds, defaults to 300
2021-09-24 13:37:54 +00:00
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_POLICIES` : Timeout for cached policies until they expire in seconds, defaults to 300
2021-06-21 08:18:49 +00:00
- `AUTHENTIK_REDIS__CACHE_TIMEOUT_REPUTATION` : Timeout for cached reputation until they expire in seconds, defaults to 300
2021-05-08 15:14:14 +00:00
## authentik Settings
2021-09-05 17:58:42 +00:00
### AUTHENTIK_SECRET_KEY
2021-09-24 13:37:54 +00:00
Secret key used for cookie signing and unique user IDs, don't change this after the first install.
2021-09-05 17:58:42 +00:00
2021-05-08 15:14:14 +00:00
### AUTHENTIK_LOG_LEVEL
2021-03-12 15:43:31 +00:00
Log level for the server and worker containers. Possible values: debug, info, warning, error
2021-12-21 12:14:09 +00:00
Starting with 2021.12.3, you can also set the log level to *trace* . This has no affect on the core authentik server, but shows additional messages for the embedded outpost.
2021-03-12 15:43:31 +00:00
Defaults to `info` .
2021-10-20 16:26:22 +00:00
### AUTHENTIK_COOKIE_DOMAIN
Which domain the session cookie should be set to. By default, the cookie is set to the domain authentik is accessed under.
### AUTHENTIK_DISABLE_UPDATE_CHECK
Disable the inbuilt update-checker. Defaults to `false` .
2021-09-11 18:35:23 +00:00
2021-05-08 15:14:14 +00:00
### AUTHENTIK_ERROR_REPORTING
2021-03-12 15:43:31 +00:00
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_ERROR_REPORTING__ENABLED`
2021-03-12 15:43:31 +00:00
Enable error reporting. Defaults to `false` .
Error reports are sent to https://sentry.beryju.org, and are used for debugging and general feedback. Anonymous performance data is also sent.
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_ERROR_REPORTING__ENVIRONMENT`
2021-03-12 15:43:31 +00:00
Unique environment that is attached to your error reports, should be set to your email address for example. Defaults to `customer` .
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_ERROR_REPORTING__SEND_PII`
2021-03-12 15:43:31 +00:00
Whether or not to send personal data, like usernames. Defaults to `false` .
2021-05-08 15:14:14 +00:00
### AUTHENTIK_EMAIL
2021-03-12 15:43:31 +00:00
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__HOST`
2021-03-12 15:43:31 +00:00
Default: `localhost`
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__PORT`
2021-03-12 15:43:31 +00:00
Default: `25`
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__USERNAME`
2021-03-12 15:43:31 +00:00
2021-11-21 20:52:29 +00:00
Default: `` (Don't add quotation marks)
2021-03-12 15:43:31 +00:00
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__PASSWORD`
2021-03-12 15:43:31 +00:00
2021-11-21 20:52:29 +00:00
Default: `` (Don't add quotation marks)
2021-03-12 15:43:31 +00:00
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__USE_TLS`
2021-03-12 15:43:31 +00:00
Default: `false`
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__USE_SSL`
2021-03-12 15:43:31 +00:00
Default: `false`
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__TIMEOUT`
2021-03-12 15:43:31 +00:00
Default: `10`
2021-04-22 20:31:24 +00:00
- `AUTHENTIK_EMAIL__FROM`
2021-03-12 15:43:31 +00:00
Default: `authentik@localhost`
Email address authentik will send from, should have a correct @domain
2021-05-08 15:14:14 +00:00
### AUTHENTIK_OUTPOSTS
2021-03-12 15:43:31 +00:00
2021-11-15 14:58:04 +00:00
- `AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE`
2021-03-12 15:43:31 +00:00
2021-06-08 13:32:23 +00:00
Placeholders:
- `%(type)s` : Outpost type; proxy, ldap, etc
- `%(version)s` : Current version; 2021.4.1
- `%(build_hash)s` : Build hash if you're running a beta version
2021-12-21 12:54:49 +00:00
Placeholder for outpost docker images. Default: `ghcr.io/goauthentik/%(type)s:%(version)s` .
2021-03-12 15:43:31 +00:00
2021-06-22 10:24:23 +00:00
### AUTHENTIK_AVATARS
2021-03-12 15:43:31 +00:00
2021-06-22 10:24:23 +00:00
Configure how authentik should show avatars for users. Following values can be set:
2021-03-12 15:43:31 +00:00
2021-06-22 10:24:23 +00:00
- `none` : Disables per-user avatars and just shows a 1x1 pixel transparent picture
2021-11-10 10:28:20 +00:00
- `gravatar` : Uses gravatar with the user's email address (default)
2021-06-22 10:24:23 +00:00
- Any URL: If you want to use images hosted on another server, you can set any URL.
Additionally, these placeholders can be used:
- `%(username)s` : The user's username
- `%(mail_hash)s` : The email address, md5 hashed
- `%(upn)s` : The user's UPN, if set (otherwise an empty string)
2021-11-07 20:39:25 +00:00
2022-01-04 18:03:12 +00:00
### AUTHENTIK_DEFAULT_USER_CHANGE_NAME
:::info
Requires authentik 2021.12.5
:::
Enable the ability for users to change their name, defaults to `true` .
2021-11-13 21:33:03 +00:00
### AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
:::info
2021-12-18 14:34:39 +00:00
Requires authentik 2021.12.1
2021-11-13 21:33:03 +00:00
:::
Enable the ability for users to change their Email address, defaults to `true` .
### AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
:::info
2021-12-18 14:34:39 +00:00
Requires authentik 2021.12.1
2021-11-13 21:33:03 +00:00
:::
Enable the ability for users to change their Usernames, defaults to `true` .
2021-11-16 10:29:13 +00:00
### AUTHENTIK_GDPR_COMPLIANCE
:::info
2021-12-18 14:34:39 +00:00
Requires authentik 2021.12.1
2021-11-16 10:29:13 +00:00
:::
When enabled, all the events caused by a user will be deleted upon the user's deletion. Defaults to `true` .
2021-11-14 11:28:46 +00:00
### AUTHENTIK_FOOTER_LINKS
:::info
2021-12-18 14:34:39 +00:00
Requires authentik 2021.12.1
2021-11-14 11:28:46 +00:00
:::
This option configures the footer links on the flow executor pages.
The setting can be used as follows:
```
AUTHENTIK_FOOTER_LINKS='[{"name": "Link Name","href":"https://goauthentik.io"}]'
```
2021-11-07 20:39:25 +00:00
## Debugging
To check if your config has been applied correctly, you can run the following command to output the full config:
```
docker-compose run --rm worker dump_config
# Or for kubernetes
kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
```