Skip to main content

AUTH_CONFIG_PATH

Applies to

  • Enterprise v3.1.0+

Default

./auth.yaml (relative to the server working directory)

Examples

# Use the default location in the working directory
AUTH_CONFIG_PATH=./auth.yaml

# Use an explicit absolute path
AUTH_CONFIG_PATH=/etc/fume/auth.yaml

# Use inline base64-encoded YAML instead of a file
AUTH_CONFIG_PATH=dmVyc2lvbjogMQprZXljbG9hazoKICBpc3N1ZXI6IGh0dHBzOi8va2MuZXhhbXBsZS5jb20vcmVhbG1zL2Z1bWUK...

Purpose

Defines the source for the auth.yaml document that configures Keycloak-based authentication and the authorization policy. The value can be either a filesystem path or an inline base64-encoded YAML document.

Notes

  • If unset, FUME reads ./auth.yaml from the working directory if it exists.
  • If the configured value resolves to an existing file, FUME loads that file.
  • Otherwise, FUME treats the configured value as an inline base64-encoded YAML document.
  • If the configured value is neither an existing file nor valid base64, FUME fails to start with a clear error.
  • If both an explicit AUTH_CONFIG_PATH file and a default ./auth.yaml exist, FUME fails fast on the ambiguity.
  • If no auth.yaml is resolved at all, the server runs with authentication disabled (no-auth mode).
  • Relative paths are resolved from the server process working directory.
  • ${ENV_VAR} placeholders inside the document are resolved after the file is read or the base64 payload is decoded.
  • Restart the server after changing this value.
  • For schema, the authorization policy, and examples, see Authentication & Authorization.