# Password Policy Configuration

You can define customized password rules to strengthen security based on your organization's needs. Configure these rules using either:

* **Kubernetes deployment**: Set the `global.userManagement.passwordPolicyRules` Helm value.
* **Docker deployment**: Use the `CYBUS_AUTH_PASSWORD_POLICY_RULES` environment variable.

If not configured, the default password rule is `{"min": 5}`, which requires passwords to have a minimum length of five characters without any specific character type requirements.

## Configuring Password Rules

{% tabs %}
{% tab title="Kubernetes" %}

### Configuring Password Rules (Kubernetes)

1. Open the `values.yaml` file.
2. Set the `global.userManagement.passwordPolicyRules` Helm value to configure your password rules. For a list of all configuration properties, see [Password Parameters](#password-parameters).

{% code lineNumbers="true" %}

```yaml
global:
  userManagement:
    passwordPolicyRules: '{"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}'
```

{% endcode %}

3. Upgrade your Helm chart to apply the Helm configuration changes. For more information, see [Applying Helm configuration changes](https://docs.cybus.io/2-0-6/connectware-on-kubernetes/connectware-helm-chart#applying-helm-configuration-changes).

{% code lineNumbers="true" %}

```bash
# <chart> is a placeholder for the chart reference you used at installation.
helm upgrade -n <namespace> <installation-name> <chart> -f values.yaml
```

{% endcode %}

4. Verify your configuration.
   * Check the auth-server logs for any errors.
   * Try creating a new user with a password that does not meet the requirements to test.
{% endtab %}

{% tab title="Docker" %}

### Configuring Password Rules (Docker)

1. Navigate to your Connectware installation directory. If you have used the default values during installation, this is the installation folder: `/opt/connectware`. The directory contains an `.env` file that is loaded when starting Connectware.
2. Open the `.env` file.
3. Set the `CYBUS_AUTH_PASSWORD_POLICY_RULES` environment variable to configure your password rules. For a list of all configuration properties, see [Password Parameters](#password-parameters).

{% code lineNumbers="true" %}

```yaml
environment:
  # Single-quoted so the ": " inside the JSON is not parsed as a YAML mapping.
  - 'CYBUS_AUTH_PASSWORD_POLICY_RULES={"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}'
```

{% endcode %}

4. Start or restart Connectware. For more information, see [Restarting Connectware](https://docs.cybus.io/2-0-6/documentation/installation-and-upgrades/restarting-connectware).
5. Verify your configuration.
   * Check the auth-server logs for any errors.
   * Try creating a new user with a password that does not meet the requirements to test.

{% endtab %}
{% endtabs %}

## Password Parameters

The value of the `CYBUS_AUTH_PASSWORD_POLICY_RULES` variable must be a properly formatted JSON object. The following parameters are available:

| Parameter | Description                          | Example                                                              |
| --------- | ------------------------------------ | -------------------------------------------------------------------- |
| `min`     | Minimum total password length        | `{"min": 8}`                                                         |
| `lower`   | Minimum number of lowercase letters  | `{"lower": 2}` for at least two lowercase characters like `a` or `b` |
| `upper`   | Minimum number of uppercase letters  | `{"upper": 1}` for at least one uppercase character like `A` or `B`  |
| `numeric` | Minimum number of numeric digits     | `{"numeric": 1}` for at least one digit like `1` or `2`              |
| `symbol`  | Minimum number of special characters | `{"symbol": 1}` for at least one symbol like `$` or `#`              |

* **Parameter values**: Each parameter accepts a single integer value.
* **Optional parameters**: All parameters are optional in the JSON object.
* **Disabled rules**: Setting any value to zero (e.g., `{"upper": 0}`) disables that specific rule.
* **Character classification**: Character classes are evaluated using Unicode Regular Expression category parameters. For details on the exact definition of the character classes, see <https://unicode.org/reports/tr18/#General_Category_Property>.

## Troubleshooting

The environment variable is validated during system startup. If there is a misconfiguration (e.g., JSON syntax error), the auth-server container will fail to start and log an appropriate error message. Check the auth-server container logs for troubleshooting.
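
Because a malformed policy keeps the auth-server from starting, it helps to check the string before deploying. The following is an added example, not Cybus code: it lints the JSON, computes the password length that the class minimums imply, and reports which rules a sample password fails. The mapping of Unicode categories to classes (`Ll`, `Lu`, `Nd`, and `S*`/`P*` for symbols), flagging negative values and unknown keys, and treating omitted parameters as 0 are assumptions; the auth-server's own validation is authoritative.

```python
import json
import unicodedata

ALLOWED = {"min", "lower", "upper", "numeric", "symbol"}  # parameters documented on this page
# Assumption: which Unicode general categories count toward each class.
EXACT = {"Ll": "lower", "Lu": "upper", "Nd": "numeric"}

def lint_policy(raw):
    """Parse a policy string; return (rules, problems). rules is None if unusable."""
    try:
        rules = json.loads(raw)
    except json.JSONDecodeError as exc:
        return None, [f"invalid JSON: {exc.msg} at position {exc.pos}"]
    if not isinstance(rules, dict):
        return None, ["policy must be a JSON object"]
    problems = []
    for key, value in rules.items():
        if key not in ALLOWED:
            problems.append(f"unknown parameter: {key}")
        elif isinstance(value, bool) or not isinstance(value, int) or value < 0:
            problems.append(f"{key} must be a non-negative integer")
    return rules, problems

def effective_min_length(rules):
    """The classes are disjoint, so their minimums add up to an implied length."""
    classes = sum(rules.get(k, 0) for k in ALLOWED - {"min"})
    return max(rules.get("min", 0), classes)

def char_class(ch):
    """Return the policy class of one character, or None (assumed mapping)."""
    cat = unicodedata.category(ch)
    if cat in EXACT:
        return EXACT[cat]
    return "symbol" if cat[0] in "SP" else None

def violations(password, rules):
    """Return the sorted names of the rules the password fails ([] = accepted)."""
    counts = {"min": len(password)}
    for ch in password:
        cls = char_class(ch)
        if cls:
            counts[cls] = counts.get(cls, 0) + 1
    return [k for k in sorted(rules) if counts.get(k, 0) < rules[k]]

if __name__ == "__main__":
    policy = '{"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}'  # example value from this page
    rules, problems = lint_policy(policy)
    print(problems, effective_min_length(rules))
    print(violations("password", rules))  # constructed sample password
```
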
