docker-infrastructure/authelia/.env.example

# Authelia secrets — generate values with:
#   openssl rand -hex 32   (for JWT and session secrets)
#   openssl rand -hex 16   (for storage encryption key)
AUTHELIA_JWT_SECRET=
AUTHELIA_SESSION_SECRET=
AUTHELIA_STORAGE_ENCRYPTION_KEY=

# OIDC HMAC secret (top-level key, env var works here)
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET=

# OIDC client secrets are stored as PBKDF2-SHA512 hashes in secret files on the host:
#   /srv/authelia/config/secrets/oidc_linkding
#   /srv/authelia/config/secrets/oidc_open_webui
# Generate a hash: docker run --rm authelia/authelia:4.38 authelia crypto hash generate pbkdf2 --variant sha512 --password <secret>
# The plaintext goes in the client app (e.g. LINKDING_OIDC_CLIENT_SECRET in linkding stack)