authelia

Validate configuration file

$ authelia validate-config --config [config.yml]

$ authelia crypto hash generate argon2

$ authelia crypto rand --length [64]

$ authelia crypto pair rsa generate

$ authelia crypto totp generate --issuer [MyApp]

$ authelia crypto hash generate argon2 --password

$ authelia --version

$ authelia --config [/etc/authelia/config.yml]

authelia [global-options] command [options]

authelia is the CLI for Authelia, an open-source authentication and authorization server. It provides multi-factor authentication and single sign-on for applications behind a reverse proxy.
The crypto commands generate secrets, password hashes, certificates, and TOTP configurations needed for Authelia setup. Use crypto hash generate argon2 to create password hashes for the user database.
Configuration validation with validate-config checks YAML syntax and setting values before deployment. This catches common configuration errors.
The storage commands manage the user database, including migrations between versions and encryption key rotation. Authelia stores user credentials, TOTP secrets, and session data.
Authelia integrates with reverse proxies like Nginx, Traefik, and HAProxy to protect web applications with authentication portals and access policies.

--config, -c path

Path to configuration file(s).

Read password interactively.

Length for random generation.

TOTP issuer name.

Hashing or encryption algorithm.

Display help information.

Display version information.

/etc/authelia/configuration.yml

Main configuration file defining authentication backends, session settings, access control rules, and storage options.

File-based user database when using the file authentication backend. Contains usernames, password hashes, and group memberships.

crypto hash|pair|rand|certificate|totp

Cryptographic utilities for generating secrets and hashes.

Validate configuration file syntax and values.

Database storage management and migrations.

Test access control rules against requests.

Display build information.

crypto hash generate argon2|pbkdf2|sha2crypt|bcrypt

Generate password hash using specified algorithm.

Generate cryptographic key pairs.

Generate random bytes or strings.

Generate self-signed certificates.

Generate TOTP secret and QR code.

Authelia runs as a service behind a reverse proxy; the CLI is for configuration and utilities. Requires proper reverse proxy configuration for authentication flow. User database and session storage must be configured. Some features require Redis for session storage in HA deployments.

Authelia was created by Clement Michaud in 2016 as a simple authentication portal. The project evolved to support multiple second-factor methods (TOTP, WebAuthn, Duo) and advanced access control. Version 4 brought major architectural improvements and became widely adopted for self-hosted authentication. The project emphasizes security, privacy, and ease of deployment with container-first design.

authentik(1), keycloak(1), nginx(1), traefik(1)