##--------------------------------------------------------------------
## Redis Auth/ACL Plugin
##--------------------------------------------------------------------
## Redis Server cluster type
## single    Single redis server
## sentinel  Redis cluster through sentinel
## cluster   Redis through cluster
auth.redis.type = single

## Redis server address.
##
## Value: Port | IP:Port
##
## Single Redis Server: 127.0.0.1:6379, localhost:6379
## Redis Sentinel: "127.0.0.1:26379,127.0.0.2:26379,127.0.0.3:26379"
## Redis Cluster: "127.0.0.1:6379,127.0.0.2:6379,127.0.0.3:6379"
auth.redis.server = "127.0.0.1:6379"

## Redis sentinel cluster name.
##
## Value: String
## auth.redis.sentinel = mymaster

## Redis pool size.
##
## Value: Number
auth.redis.pool = 8

## Redis database no.
##
## Value: Number
auth.redis.database = 0

## Redis password.
##
## Value: String
## auth.redis.password =

## Redis query timeout
##
## Value: Duration
## auth.redis.query_timeout = 5s

## Authentication query command.
##
## Value: Redis cmd
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
##
## Examples:
##  - "HGET mqtt_user:%u password"
##  - "HMGET mqtt_user:%u password"
##  - "HMGET mqtt_user:%u password salt"
auth.redis.auth_cmd = "HMGET mqtt_user:%u password"

## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.redis.password_hash = plain

## sha256 with salt prefix
## auth.redis.password_hash = "salt,sha256"

## sha256 with salt suffix
## auth.redis.password_hash = "sha256,salt"

## bcrypt with salt prefix
## auth.redis.password_hash = "salt,bcrypt"

## pbkdf2 with macfun iterations dklen
## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
## auth.redis.password_hash = "pbkdf2,sha256,1000,20"

## Superuser query command.
##
## Value: Redis cmd
##
## Variables:
##  - %u: username
##  - %c: clientid
##  - %C: common name of client TLS cert
##  - %d: subject of client TLS cert
auth.redis.super_cmd = "HGET mqtt_user:%u is_superuser"

## ACL query command.
##
## Value: Redis cmd
##
## Variables:
##  - %u: username
##  - %c: clientid
auth.redis.acl_cmd = "HGETALL mqtt_acl:%u"

## Redis ssl configuration.
##
## Value: on | off
# auth.redis.ssl.enable = off

## CA certificate.
##
## Value: File
#auth.redis.ssl.cacertfile = path/to/your/cafile.pem

## Client ssl certificate.
##
## Value: File
# auth.redis.ssl.certfile = path/to/your/certfile

## Client ssl keyfile.
##
## Value: File
# auth.redis.ssl.keyfile = path/to/your/keyfile

## In mode verify_none the default behavior is to allow all x509-path
## validation errors.
##
## Value: true | false
#auth.redis.ssl.verify = false

## If not specified, the server's names returned in server's certificate is validated against
## what's provided `auth.redis.server` config's host part.
## Setting to 'disable' will make EMQ X ignore unmatched server names.
## If set with a host name, the server's names returned in server's certificate is validated
## against this value.
##
## Value: String | disable
## auth.redis.ssl.server_name_indication = disable