securityonion/salt/kratos/defaults.yaml

kratos:
  enabled: False
  config:
    session:
      lifespan: 24h
      whoami:
        required_aal: highest_available
    selfservice:
      methods:
        password:
          enabled: true
          config:
            haveibeenpwned_enabled: false
        totp:
          enabled: true
          config:
            issuer: Security Onion
      flows:
        settings:
          privileged_session_max_age: 5m
          ui_url: https://URL_BASE/?r=/settings
          required_aal: highest_available
        verification:
          ui_url: https://URL_BASE/
        login:
          ui_url: https://URL_BASE/login/
        error:
          ui_url: https://URL_BASE/login/
        registration:
          ui_url: https://URL_BASE/login/
      default_browser_return_url: https://URL_BASE/
      allowed_return_urls:
        - http://127.0.0.1
    log:
      level: debug
      format: json
    secrets:
      default: []
    serve:
      public:
        base_url: https://URL_BASE/auth/
      admin:
        base_url: https://URL_BASE/kratos/
    hashers:
      bcrypt:
        cost: 12
    identity:
      default_schema_id: default
      schemas:
        - id: default
          url: file:///kratos-conf/schema.json
    courier:
      smtp:
        connection_uri: smtps://URL_BASE:25