Generating Secure Values

Generating a Random Password Hash#

Often times it’s required that a random password is generated. While you could randomly generate a string then hash it, we provide a convenience layer for this purpose.

authelia#

The Authelia docker container or CLI binary can be used to generate a random alphanumeric string and output the string and the hash at the same time.

Use the authelia crypto hash generate --help command or see the authelia crypto hash generate reference guide for more information on all available options and algorithms.

docker run --rm authelia/authelia:latest authelia crypto hash generate argon2 --random --random.length 64 --random.charset alphanumeric

authelia crypto hash generate argon2 --random --random.length 64 --random.charset alphanumeric

Generating a Random Alphanumeric String#

Some sections of the configuration recommend generating a random string. There are many ways to accomplish this and the following methods are merely suggestions.

authelia#

The Authelia docker container or CLI binary can be used to generate a random alphanumeric string.

Use the authelia crypto rand --help command or see the authelia crypto rand reference guide for more information on all available options.

docker run --rm authelia/authelia:latest authelia crypto rand --length 64 --charset alphanumeric

authelia crypto rand --length 64 --charset alphanumeric

openssl#

The openssl command on Linux can be used to generate a random alphanumeric string:

openssl rand -hex 64

Linux#

Basic Linux commands can be used to generate a random alphanumeric string:

LENGTH=64
tr -cd '[:alnum:]' < /dev/urandom | fold -w "${LENGTH}" | head -n 1 | tr -d '\n' ; echo

Generating an RSA Keypair#

Some sections of the configuration need an RSA keypair or an RSA private key. There are many ways to achieve this, this section explains two such ways. In all instances the output files are as follows:

authelia#

The Authelia docker container or CLI binary can be used to generate an RSA keypair.

Use the authelia crypto pair --help command or see the authelia crypto pair reference guide for more information on all available options.

docker run --rm -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia:latest authelia crypto pair rsa generate --directory /keys

authelia crypto pair rsa generate

openssl#

The openssl command on Linux can be used to generate an RSA keypair:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem

Generating an RSA Self-Signed Certificate#

Some sections of the configuration need a certificate and it may be possible to use a self-signed certificate. There are many ways to achieve this, this section explains two such ways.

In all instances the output files are as follows:

authelia#

The Authelia docker container or binary can be used to generate an RSA self-signed certificate for the domain example.com.

Use the authelia crypto certificate --help command or see the authelia crypto certificate reference guide for more information on all available options.

docker run --rm -u "$(id -u):$(id -g)" -v "$(pwd)":/keys authelia/authelia:latest authelia crypto certificate rsa generate --common-name example.com --directory /keys

authelia crypto certificate rsa generate --common-name example.com

openssl#

The openssl command on Linux can be used to generate an RSA self-signed certificate for the domain example.com:

openssl req -x509 -nodes -newkey rsa:2048 -keyout private.pem -out public.crt -sha256 -days 365 -subj '/CN=example.com'