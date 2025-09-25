Version: 19.x (unreleased)

Teleport Identity Security Configuration

Teleport Identity Security uses the YAML file format for configuration. A full configuration reference file is shown below. This provides comments and all available options for identity-security.yaml .

danger Do not use this example configuration in production.

You must edit your configuration file to meet the needs of your environment. Using a copy of the reference configuration will have unintended effects.

These example configurations include all possible configuration options in YAML format to demonstrate proper use of indentation.

These settings apply the Teleport Identity Security process.

address: 0.0 .0 .0 :8080 registration_cas: - /var/is/teleport-host-ca.pem - /var/is/teleport-host-ca2.pem tls: cert: /var/lib/teleport/identity_security_cert.pem key: /var/lib/teleport/identity_security_key.pem backend: postgres: connection: postgres://teleport:teleport_password@localhost:5432/identity_security?sslmode=disable max_conns: 20 min_conns: 10 max_conn_lifetime: 24h max_conn_idle_time: 10m health_check_period: 10s max_conn_lifetime_jitter: 10s identity_activity_center: region: eu-central-1 database: identity_activity_center table: identity_activity_center_table s3: s3://long-term-bucket/data/ s3_results: s3://transient-bucket/results/ s3_large_files: s3://transient-bucket/large_files sqs_queue_url: https://sqs.eu-central-1.amazonaws.com/123456789/example-queue maxmind_geoip_city_db_path: /path/to/geoIp-city.mmdb metrics: enabled: true address: 0.0 .0 .0 :3000 pprof: false tracing: enabled: false exporter_url: "otlp://localhost:4317" sampling_rate_per_million: 1000 log: level: debug