Yes, those are the correct modern commands for Authelia v4.38+.
Authelia recently reorganized their CLI, moving the password hashing utility under the crypto hash generate subcommand.
Which one should you use?
-
The Interactive Method (Recommended):
Bash
docker run --rm -it authelia/authelia:4 authelia crypto hash generate argon2- Why: It will prompt you to type the password and then confirm it. This prevents your password from appearing in your terminal history (the history command won't show it).
-
The Direct Method:
Bash
docker run --rm authelia/authelia:4 authelia crypto hash generate argon2 --password "yourpassword"- Why: Good for automation, but be careful: as mentioned, the password remains in your bash history. If you use this, run history -c afterward to clear your tracks.
---
Important: Use Single Quotes in YAML
Once you get the output (which will look like $argon2id$v=19$m=65536...), make sure you wrap it in single quotes inside your users_database.yml.
The Argon2 hash contains many $ signs, which YAML can sometimes mistake for environment variables if you use double quotes.
Correct formatting:
YAML
users:
john:
displayname: "John Doe"
password: '$argon2id$v=19$m=65536,t=3,p=4$...' # Use single quotes here
---
Pro-Tip: Running it on your existing container
You don't actually need to "run" a new image every time. Since your Authelia container is already running, you can execute the command directly inside it to save time:
Bash
docker exec -it authelia authelia crypto hash generate argon2
Now that you have your hash, would you like me to double-check the access_control logic in your configuration.yml to ensure your Duo 2FA and 1FA rules don't conflict?