# Put this file to one of the location, with descending priority
#    ./credential.toml
#    $HOME/.seaweedfs/credential.toml
#    /etc/seaweedfs/credential.toml
# this file is read by S3 API and IAM API servers

# Choose one of the credential stores below
# Only one store can be enabled at a time

# Filer-based credential store (default, uses existing filer storage)
[credential.filer_etc]
enabled = true
# filer address and grpc_dial_option will be automatically configured by the server


# PostgreSQL credential store (recommended for multi-node deployments)
[credential.postgres]
enabled = false
hostname = "localhost"
port = 5432
username = "seaweedfs"
password = "your_password"
database = "seaweedfs"
schema = "public"
sslmode = "disable"
# Optional: table name prefix (default: "sw_")
table_prefix = "sw_"
# Connection pool settings
connection_max_idle = 10
connection_max_open = 100
connection_max_lifetime_seconds = 3600

# Memory credential store (for testing only, data is lost on restart)
[credential.memory]
enabled = false

# Environment variable overrides:
# Any configuration value can be overridden by environment variables
# Rules:
#   * Prefix with "WEED_CREDENTIAL_"
#   * Convert to uppercase
#   * Replace '.' with '_'
#
# Examples:
#   export WEED_CREDENTIAL_POSTGRES_PASSWORD=secret
#   export WEED_CREDENTIAL_POSTGRES_HOSTNAME=db.example.com
#   export WEED_CREDENTIAL_FILER_ETC_ENABLED=true