Global user and password policies. These settings control how passwords are hashed and stored, and which characters are allowed in usernames. For managing individual user accounts, see User Management.

users:
  passwordHashAlgorithm: SHA512
  passwordHashAutoUpdate: true
  passwordSaltSize: 20
  usernamePattern: '^[a-zA-Z0-9_\\@\\-\\.]{1,128}$'

users.passwordHashAlgorithm

"SHA256" | "SHA384" | "SHA512" = "SHA512"

Algorithm used to hash stored passwords.

users.passwordHashAutoUpdate

boolean = true

Automatically re-hash the password on login when the stored hash uses an outdated algorithm or salt size.

users.passwordSaltSize

number = 20

Size of the password salt in bytes. Allowed range is 8–256.

users.usernamePattern

string = "^[a-zA-Z0-9_\@\-\.]{1,128}$"

Regular expression that validates usernames. The default allows alphanumeric characters, underscores, hyphens, @, and dots, up to 128 characters.