refactor: use .env for Authelia password hash

- Rename users_database.yml to users_database.template.yml
- Use envsubst to substitute AUTHELIA_USER_PASSWORD_HASH from .env
- Update configuration.yml to use /config/users_database.yml
- Add AUTHELIA_USER_PASSWORD_HASH environment variable to compose
- Password hash now stored securely in .env instead of git
2025-11-15 19:56:56 +01:00
parent f9c953ecbc
commit 37f1edbd01
4 changed files with 7 additions and 2 deletions


@@ -128,6 +128,7 @@ envs:
# Authelia SSO # Authelia SSO
NET_AUTHELIA_IMAGE: authelia/authelia:latest NET_AUTHELIA_IMAGE: authelia/authelia:latest
NET_AUTHELIA_TRAEFIK_HOST: auth.pivoine.art NET_AUTHELIA_TRAEFIK_HOST: auth.pivoine.art
AUTHELIA_USER_PASSWORD_HASH: "" # Generated via: docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword'
# AI Stack # AI Stack
AI_TRAEFIK_ENABLED: true AI_TRAEFIK_ENABLED: true
AI_COMPOSE_PROJECT_NAME: ai AI_COMPOSE_PROJECT_NAME: ai
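Review bot: The generation hint on the new AUTHELIA_USER_PASSWORD_HASH line passes the plaintext as `--password 'yourpassword'`, which leaves it in shell history and visible in the process list while the container runs. As far as I know the command prompts for the password when that flag is omitted, so the comment could instead read `# Generated via: docker run --rm -it authelia/authelia:latest authelia crypto hash generate argon2`. Argon2 hashes contain `$` characters, so the comment should also say to single-quote the value wherever it lands in .env; otherwise Compose may treat `$argon2id` and the following segments as variable references and blank them. The `envs:` mapping continues outside this hunk.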


@@ -41,7 +41,7 @@ authentication_backend:
disable: false disable: false
refresh_interval: 5m refresh_interval: 5m
file: file:
path: /etc/authelia/users_database.yml path: /config/users_database.yml
password: password:
algorithm: argon2 algorithm: argon2
argon2: argon2:
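Review bot: The new `path: /config/users_database.yml` needs a comment saying the file is generated, because going by the commit description it is rewritten from the template every time the container starts. Authelia's file backend writes password changes back to this file, and the `disable: false` context line above looks like the password-reset switch, so a password changed through the portal would presumably revert to the .env hash on the next restart. Either say so in a comment such as `# generated at start from users_database.template.yml; edits and password resets do not persist`, or turn password reset off for this backend. The `authentication_backend` block continues outside the hunk.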


@@ -9,7 +9,7 @@
users: users:
valknar: valknar:
displayname: "Valknar" displayname: "Valknar"
password: "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHRzYWx0$4oCb4oCh4oCd4oCi4oCl4oCm" # CHANGE THIS - use: docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --password 'yourpassword' password: "${AUTHELIA_USER_PASSWORD_HASH}"
email: valknar@pivoine.art email: valknar@pivoine.art
groups: groups:
- admins - admins
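Review bot: The new `password: "${AUTHELIA_USER_PASSWORD_HASH}"` line drops the old `CHANGE THIS` hint, and nothing in the template now says where the value comes from. A comment above it such as `# rendered by envsubst at container start; set AUTHELIA_USER_PASSWORD_HASH in .env` would cover that. The previous hash looks like a placeholder (its salt decodes to `saltsaltsalt`), but it remains in git history, so if it was ever used for a real login that password should be rotated rather than carried over into .env. The `users:` mapping continues outside the hunk.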


@@ -275,9 +275,13 @@ services:
AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET} AUTHELIA_JWT_SECRET: ${AUTHELIA_JWT_SECRET}
AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET} AUTHELIA_SESSION_SECRET: ${AUTHELIA_SESSION_SECRET}
AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY} AUTHELIA_STORAGE_ENCRYPTION_KEY: ${AUTHELIA_STORAGE_ENCRYPTION_KEY}
AUTHELIA_USER_PASSWORD_HASH: ${AUTHELIA_USER_PASSWORD_HASH}
volumes: volumes:
- authelia_config:/config - authelia_config:/config
- ./authelia:/etc/authelia:ro - ./authelia:/etc/authelia:ro
command: >
sh -c "envsubst < /etc/authelia/users_database.template.yml > /config/users_database.yml &&
authelia --config /etc/authelia/configuration.yml"
networks: networks:
- compose_network - compose_network
labels: labels:
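Review bot: Nothing in the added `command` stops Authelia from starting with an empty hash: if AUTHELIA_USER_PASSWORD_HASH is unset, envsubst writes `password: ""` into /config/users_database.yml and the `&&` still succeeds. Changing the environment entry to `AUTHELIA_USER_PASSWORD_HASH: ${AUTHELIA_USER_PASSWORD_HASH:?set in .env}` makes Compose refuse to start instead. Giving envsubst an explicit variable list, `envsubst '$${AUTHELIA_USER_PASSWORD_HASH}' < /etc/authelia/users_database.template.yml > /config/users_database.yml` (the `$$` escapes Compose interpolation), keeps it from blanking any other `$` sequence in the template. It is also worth confirming that the image actually ships `envsubst`, since the page does not show that. The service definition starts and ends outside this hunk.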