Scroll to navigation

pgagroal_vault.conf(5) File Formats Manual pgagroal_vault.conf(5)

Name

pgagroal_vault.conf - Main configuration file for pgagroal-vault

DESCRIPTION

pgagroal_vault.conf is the main configuration file for pgagroal-vault.

The file is split into different sections specified by the [ and ] characters. The main section is called [pgagroal-vault].

Other sections (generally called the main section) specifies the pgagroal remote management configuration.

All properties are in the format key = value.

The characters # and ; can be used for comments; must be the first character on the line. The Bool data type supports the following values: on, 1, true, off, 0 and false.

OPTIONS

The options for the pgagroal-vault section are

The bind address for pgagroal-vault. Mandatory
The bind port for pgagroal-vault. Mandatory
The metrics port. Default is 0 (disabled)
The amount of time to keep a Prometheus (metrics) response in cache. If this value is specified without units, it is taken as seconds. It supports the following units as suffixes: 'S' for seconds (default), 'M' for minutes, 'H' for hours, 'D' for days, and 'W' for weeks. Default is 0 (disabled)
The maximum amount of data to keep in cache when serving Prometheus responses. Changes require restart. This parameter determines the size of memory allocated for the cache even if metrics_cache_max_age or metrics are disabled. Its value, however, is taken into account only if metrics_cache_max_age is set to a non-zero value. Supports suffixes: B (bytes), the default if omitted, K or KB (kilobytes), M or MB (megabytes), G or GB (gigabytes). Default is 256k
The logging type (console, file, syslog). Default is console
The logging level, any of the (case insensitive) strings FATAL, ERROR, WARN, INFO and DEBUG (that can be more specific as DEBUG1 thru DEBUG5). Debug level greater than 5 will be set to DEBUG5. Not recognized values will make the log_level be INFO. Default is info
The log file location. Default is pgagroal-vault.log. Can be a strftime(3) compatible string
The amount of time after which log file rotation is triggered. If this value is specified without units, it is taken as seconds. It supports the following units as suffixes: 'S' for seconds (default), 'M' for minutes, 'H' for hours, 'D' for days, and 'W' for weeks. Default is 0 (disabled)
The size of the log file that will trigger a log rotation. Supports suffixes: B (bytes), the default if omitted, K or KB (kilobytes), M or MB (megabytes), G or GB (gigabytes). A value of 0 (with or without suffix) disables. Default is 0
A strftime(3) compatible string to use as prefix for every log line. Must be quoted if contains spaces. Default is %Y-%m-%d %H:%M:%S
Append to or create the log file (append, create). Default is append
Log connects. Default is off
Log disconnects. Default is off
The amount of time the process will wait for valid credentials. If this value is specified without units, it is taken as seconds. It supports the following units as suffixes: 'S' for seconds (default), 'M' for minutes, 'H' for hours, 'D' for days, and 'W' for weeks. Default is 5
Huge page support. Default is try
Enable Transport Layer Security (TLS). Default is false. Changes require restart in the server section.
Certificate file for TLS. Changes require restart in the server section.
Private key file for TLS. Changes require restart in the server section.
Certificate Authority (CA) file for TLS. Changes require restart in the server section.
Certificate authentication mode when tls_ca_file is set. verify-ca verifies only the CA signature. verify-full additionally verifies that the certificate's CN or SAN matches the username. Default is verify-ca

The options for the main section are

The address of the pgagroal instance running the management server. Mandatory
The management port of pgagroal. Mandatory
The admin user of the pgagroal remote management service. Mandatory

REPORTING BUGS

pgagroal is maintained on GitHub at <https://github.com/pgagroal/pgagroal>

COPYRIGHT

pgagroal is licensed under the 3-clause BSD License.

SEE ALSO

pgagroal.conf(5), pgagroal_hba.conf(5), pgagroal_databases.conf(5), pgagroal(1), pgagroal-cli(1), pgagroal-admin(1), pgagroal-vault(1)