This repository has been archived by the owner on Jan 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 20
/
config.yml
198 lines (174 loc) · 6.5 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
##################################
### KeePass4Web related config ###
##################################
# where to get keepass database from
# use 'Filesystem' for a simple file in the local filesystem
# use 'Seafile' to get database from a Seafile host
# use 'LWP' to get database via a protocol supported by LWP
# use 'Dropbox' to get database from user's Dropbox
db_backend: 'Filesystem'
# backend to authenticate users before anything else
# available: LDAP, Htpasswd
auth_backend: 'LDAP'
# whether to use auth credentials for database backend provider (if backend requires authentication)
auth_reuse_cred: 0
### Database backends ###
# file specific configuration, db_backend = 'Filesystem'
Filesystem:
db_location: '/opt/keepass4web/db.kdbx'
# seafile specific configuration, db_backend = 'Seafile'
Seafile:
# server url
url: 'https://seacloud.cc/'
db_location: '632ab0a8-eca9-4495-90ba-f351b5bfe975/Keepass/db.kdbx'
# whether to use login password to decrypt encrypted repositories
reuse_repopw: 0
# LWP specific configuration, db_backend = 'LWP'
LWP:
# server url
db_location: 'https:/example.org/db.kdbx'
# username/password for http basic auth and ftp, leave password empty if not required
username: ''
password: ''
# proxy url to use
proxy: ''
upload:
# form field name used in upload POST request
fieldname: 'file'
# useful for unicode filenames, needs server support
use_rfc5987: 1
# options passed to LWP::UserAgent constructor
# see https://metacpan.org/pod/LWP::UserAgent#CONSTRUCTOR-METHODS
lwp_options:
ssl_opts:
verify_hostname: 1
agent: 'LWP/KeePass4Web'
# get proxy settings from environment
# mod_perl needs to pass env aditionally in apache config (PerlPassEnv directive)
env_proxy: 1
timeout: 30
# dropbox specific configuration, db_backend = 'Dropbox'
Dropbox:
key: ''
secret: ''
# access token will only work for a single dropbox user (the one who registered the app)
# may be used to supply the same database to all users
access_token: ''
# external url of the app
redirect_uri: 'https://example.org/keepass/callback'
db_location: 'db.kdbx'
# get proxy settings from environment
# mod_perl needs to pass env aditionally in apache config (PerlPassEnv directive)
env_proxy: 1
### Authentication backends ###
# ldap specific configuration, auth_backend = 'LDAP'
LDAP:
uri: 'ldap://127.0.0.1:389'
scope: 'subtree'
base_dn: 'OU=People,DC=example,DC=org'
filter: '(&(objectClass=inetOrgPerson)(memberOf=CN=keepass,OU=groups,DC=example,DC=org))'
# (unique) ldap attribute for user login
# Active Directory: sAMAccountName or userPrincipalName
# openLDAP/389 Directory Server/etc: uid
login_attribute: 'uid'
# ldap bind DN and password, leave empty for anonymous bind
bind: 'CN=ldap-read,OU=Special Users,DC=example,DC=org'
password: ''
# ldap attribute containing the keepass database or keyfile (per user), dependent on db backend
# leave empty to use static db_location from above
database_attribute: 'keePass'
# key file location attribute
keyfile_attribute: 'keePassKeyFile'
# htpasswd specific configuration, auth_backend = 'Htpasswd'
# apache htpasswd style files
Htpasswd:
# may be a relative path to the app dir
filepath: '.htpasswd'
# hash algorithm
# available: bcrypt, md5, sha1, crypt, plain
hash: 'bcrypt'
# time till database gets closed (user idle time)
# user will have to reenter database password/keyfile
db_session_timeout: '10 minutes'
# interval to watch for user auth changes (to present proper login page, even when user is idling)
auth_check_interval: '1 hour 5 minutes'
# cipher used for db encryption in shared memory. Basically the Crypt::Cipher::<Name> module
ipc_cipher: 'AES'
# segment size in kilobytes to request
ipc_segment_size: 64
# cipher used for encryption of all password fields and files
pw_cipher: 'AES'
# cipher used for hmac authentication of ciphertext ("encrypt then mac"), requires Crypt::Digest::<Name> module
hmac_cipher: 'SHA256'
# SysV IPC key, usually only needs change if it clashes with another application
ipc_id: 3294967296
# type of keyring used for Kernel::Keyring
# see "man keyctl"
keyring_session: '@s'
# whether to include files and history in cached database
# disabling this can speed up the initial loading of the database and decrease memory in IPC
hist_and_bin: 1
# whether to include custom icons in shared memory
# disable to increase performance and save memory+bandwidth
custom_icons: 1
# webinterface: maximum open tree levels on load
toggled_levels: 3
search:
# fields to search for matching entries
fields:
- title
- username
- tags
- comments
- url
# whether to search in user supplied fields and file names
extra_fields: 1
# only if you can trust users, might lead to server hang (backtracking)
allow_regex: 0
##################################
### Dancer2 related config ###
##################################
# https://metacpan.org/pod/distribution/Dancer2/lib/Dancer2/Config.pod
# Dancer2::Logger::<name> modules
logger: 'File'
# Dancer2::Session::<name> modules
session: 'Cookie'
# usually no need to change these
server: '127.0.0.1'
appname: 'KeePass4Web'
charset: 'UTF-8'
no_server_tokens: 1
# critical warnings
warnings: 0
# stack traces on error
show_errors: 0
# caching routes for speed
route_cache: 1
environment: 'production'
engines:
# https://metacpan.org/pod/Dancer2::Core::Role::Logger
logger:
Console:
log_level: 'info'
log_format: '%T [%L] %m (in %f l. %l)'
File:
log_level: 'info'
log_dir: '/var/log/keepass4web/'
file_name: 'info.log'
log_format: '%T [%L] %m (in %f l. %l)'
# https://metacpan.org/pod/Dancer2::Core::Role::SessionFactory
session:
Cookie:
# cookie session name
cookie_name: 'KeePass4Web'
# cookie expiry
cookie_duration: '1 hour'
# session expiry, in seconds
session_duration: 3600
# should be at least 16 bytes long
# we could change that one periodially, e.g. weekly via cron
secret_key: ''
# using https cookies
is_secure: 1
# no javascript access
is_http_only: 1