# Password Policy Configuration

You can define customized password rules to strengthen security based on your organization's needs. Configure these rules using either:

* **Kubernetes deployment**: Set the `global.userManagement.passwordPolicyRules` Helm value.
* **Docker deployment**: Use the `CYBUS_AUTH_PASSWORD_POLICY_RULES` environment variable.

If not configured, the default password rule is `{"min": 5}`, which requires passwords to have a minimum length of five characters without any specific character type requirements.

## Configuring Password Rules

{% tabs %}
{% tab title="Kubernetes" %}

### Configuring Password Rules (Kubernetes)

1. Open the `values.yaml` file.
2. Set the `global.userManagement.passwordPolicyRules` Helm value to configure your password rules. For a list of all configuration properties, see [Password Parameters](#password-parameters).

{% code lineNumbers="true" %}

```yaml
global:
  userManagement:
    passwordPolicyRules: '{"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}'
```

{% endcode %}

3. Upgrade your Helm chart to apply the Helm configuration changes. For more information, see [Applying Helm configuration changes](/2-1-2/documentation/connectware-on-kubernetes/connectware-helm-chart.md#applying-helm-configuration-changes).

{% code lineNumbers="true" %}

```bash
helm upgrade -n ${NAMESPACE} ${INSTALLATION_NAME} -f values.yaml
```

{% endcode %}

4. Verify your configuration.
   * Check the auth-server logs for any errors.
   * Try creating a new user with a password that does not meet the requirements to test.
     {% endtab %}

{% tab title="Docker" %}

### Configuring Password Rules (Docker)

1. Navigate to your Connectware installation directory. If you have used the default values during installation, this is the installation folder: `/opt/connectware`. The directory contains an `.env` file that is loaded when starting Connectware.
2. Open the `.env` file.
3. Set the `CYBUS_AUTH_PASSWORD_POLICY_RULES` environment variable to configure your password rules. For a list of all configuration properties, see [Password Parameters](#password-parameters).

{% code lineNumbers="true" %}

```yaml
environment:
  - CYBUS_AUTH_PASSWORD_POLICY_RULES={"min": 10, "upper": 1, "lower": 1, "numeric": 1, "symbol": 1}
```

{% endcode %}

3. Start or restart Connectware. For more information, see [Restarting Connectware](/2-1-2/documentation/installation-and-upgrades/restarting-connectware.md).
4. Verify your configuration.
   * Check the auth-server logs for any errors.
   * Try creating a new user with a password that does not meet the requirements to test.
     {% endtab %}
     {% endtabs %}

## Password Parameters

The `CYBUS_AUTH_PASSWORD_POLICY_RULES` variable parameters must contain a properly formatted JSON object. The following parameters are available:

| Parameter | Description                          | Example                                                              |
| --------- | ------------------------------------ | -------------------------------------------------------------------- |
| `min`     | Minimum total password length        | `{"min": 8}`                                                         |
| `lower`   | Minimum number of lowercase letters  | `{"lower": 2}` for at least two lowercase characters like `a` or `b` |
| `upper`   | Minimum number of uppercase letters  | `{"upper": 1}` for at least one uppercase character like `A` or `B`  |
| `numeric` | Minimum number of numeric digits     | `{"numeric": 1}` for at least one digit like `1` or `2`              |
| `symbol`  | Minimum number of special characters | `{"symbol": 1}` for at least one symbol like `$` or `#`              |

* **Parameter values**: Each parameter accepts a single integer value.
* **Optional parameters**: All parameters are optional in the JSON object.
* **Disabled rules**: Setting any value to zero (e.g., `{"upper": 0}`) disables that specific rule.
* **Character classification**: Character classes are evaluated using Unicode Regular Expression category parameters. For details on the exact definition of the character classes, see <https://unicode.org/reports/tr18/#General_Category_Property>.

## Troubleshooting

The environment variable is validated during system startup. If there is a misconfiguration (e.g., JSON syntax error), the auth-server container will fail to start and log an appropriate error message. Check the auth-server container logs for troubleshooting.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cybus.io/2-1-2/documentation/security/password-policy-configuration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.