authgear.secrets.yaml
The secret configuration authgear.secrets.yaml
This is the configuration file containing various secrets used in Authgear.
JSON Schema
The configuration file is validated against the following JSON Schema:
Structure
Secrets are placed under the key secrets
. Each item has key
and data
. The valid values for key
are listed below, where data
is key-specific.
Note that ALL secrets are required.
admin-api.auth
admin-api.auth
defines the JWK to verify Admin API token. It must be an RSA key.
db
db
defines the database credentials. Only PostgreSQL database is supported.
audit.db
audit.db
defines the database credentials of the instance for storing audit data. Only PostgreSQL database is supported.
redis
redis
defines the Redis credentials.
analytic.redis
analytic.redis
defines the Redis credentials of the Redis instance for storing analytics data.
elasticsearch
elasticsearch
defines the connection information of the Elasticsearch instance.
sso.oauth.client
sso.oauth.client
defines the client secrets.
This is the place where you provide the client secrets of configured external OAuth providers.
mail.smtp
mail.smtp
defines the SMTP credentials.
mode
is either ssl
or normal
. Usually, you do not need to set it and the mode is inferred from the port.
sms.twilio
sms.twilio
defines the Twilio credentials.
sms.nexmo
sms.nexmo
defines the Nexmo credentials.
jwt
jwt
defines the JSON web key (JWK) to sign internal use, ephemeral JWT token. It must be an octet key.
oidc
oidc
defines the JWK to sign ID tokens. It must be an RSA key.
csrf
csrf
defines the symmetric key to generate a CSRF token. It must be an octet key.
webhook
webhook
defines the symmetric key to sign webhook request body. It must be an octet key.
Last updated