# Authentik Configuration Template # # IMPORTANT: This file is for LOCAL DEVELOPMENT ONLY! # For production deployments, use Jenkins credentials instead of .env files # # Local Development Setup: # 1. Copy this file to .env: cp .env.example .env # 2. Generate secure passwords: # echo "PG_PASS=$(openssl rand -base64 36 | tr -d '\n')" >> .env # echo "AUTHENTIK_SECRET_KEY=$(openssl rand -base64 60 | tr -d '\n')" >> .env # 3. Run: docker compose up -d # # For Jenkins/Production deployments: # - Configure credentials in Jenkins UI # - Do NOT create .env file # - Pipeline uses Jenkins credentials store instead # PostgreSQL Database Configuration # This Authentik deployment connects to an EXISTING PostgreSQL 18 server # The PostgreSQL server is managed separately in the postgresql/ repository POSTGRES_HOST=postgres-postgres POSTGRES_PORT=5432 PG_DB=authentik PG_USER=authentik PG_PASS=your_secure_password_here # Authentik Configuration (for local development only) AUTHENTIK_SECRET_KEY=your_secret_key_here AUTHENTIK_TAG=2025.10.1 AUTHENTIK_IMAGE=ghcr.io/goauthentik/server # Port Configuration (for local development only) COMPOSE_PORT_HTTP=9000 COMPOSE_PORT_HTTPS=9443 # Error Reporting (optional) # AUTHENTIK_ERROR_REPORTING__ENABLED=true # Email Configuration (recommended for production) # AUTHENTIK_EMAIL__HOST=smtp.example.com # AUTHENTIK_EMAIL__PORT=587 # AUTHENTIK_EMAIL__USERNAME=your_email@example.com # AUTHENTIK_EMAIL__PASSWORD=your_email_password # AUTHENTIK_EMAIL__USE_TLS=true # AUTHENTIK_EMAIL__FROM=authentik@example.com # Jenkins Production Credentials Setup: # --------------------------------------- # 1. Go to: Jenkins → Manage Jenkins → Manage Credentials → (global) → Add Credentials # 2. Create these credentials: # - authentik-pg-pass (Secret Text): PostgreSQL password # - authentik-secret-key (Secret Text): Authentik secret key (60+ characters) # - authentik-pg-db (String, optional): Database name (default: authentik) # - authentik-pg-user (String, optional): Database user (default: authentik) # - authentik-postgres-host (String, optional): PostgreSQL host (default: postgres-postgres) # - authentik-postgres-port (String, optional): PostgreSQL port (default: 5432) # 3. Jenkins pipeline will automatically use these credentials # - For production, consider using Docker secrets or external secret management # # NOTE: This deployment connects to the existing PostgreSQL 18 server # Make sure the PostgreSQL deployment is running before deploying Authentik # WARNING: Never commit .env file to version control! # Only commit .env.example as a template