authgear.secrets.yaml
The secret configuration authgear.secrets.yaml
Last updated
The secret configuration authgear.secrets.yaml
Last updated
This is the configuration file containing various secrets used in Authgear.
The configuration file is validated against the following JSON Schema:
Secrets are placed under the key secrets
. Each item has key
and data
. The valid values for key
are listed below, where data
is key-specific.
Note that ALL secrets are required.
admin-api.auth
defines the JWK to verify Admin API token. It must be an RSA key.
db
defines the database credentials. Only PostgreSQL database is supported.
audit.db
defines the database credentials of the instance for storing audit data. Only PostgreSQL database is supported.
redis
defines the Redis credentials.
analytic.redis
defines the Redis credentials of the Redis instance for storing analytics data.
elasticsearch
defines the connection information of the Elasticsearch instance.
sso.oauth.client
defines the client secrets.
This is the place where you provide the client secrets of configured external OAuth providers.
mail.smtp
defines the SMTP credentials.
mode
is either ssl
or normal
. Usually, you do not need to set it and the mode is inferred from the port.
sms.twilio
defines the Twilio credentials.
sms.nexmo
defines the Nexmo credentials.
jwt
defines the JSON web key (JWK) to sign internal use, ephemeral JWT token. It must be an octet key.
oidc
defines the JWK to sign ID tokens. It must be an RSA key.
csrf
defines the symmetric key to generate a CSRF token. It must be an octet key.
webhook
defines the symmetric key to sign webhook request body. It must be an octet key.
The format shares with
The format is shared with .