1 files changed, 55 insertions, 0 deletions

diff --git a/weed/command/scaffold/credential.toml b/weed/command/scaffold/credential.toml
new file mode 100644
index 000000000..380867800
--- /dev/null
+++ b/weed/command/scaffold/credential.toml
@@ -0,0 +1,55 @@
+# Put this file to one of the location, with descending priority
+#    ./credential.toml
+#    $HOME/.seaweedfs/credential.toml
+#    /etc/seaweedfs/credential.toml
+# this file is read by S3 API and IAM API servers
+
+# Choose one of the credential stores below
+# Only one store can be enabled at a time
+
+# Filer-based credential store (default, uses existing filer storage)
+[credential.filer_etc]
+enabled = true
+# filer address and grpc_dial_option will be automatically configured by the server
+
+# SQLite credential store (recommended for single-node deployments)
+[credential.sqlite]
+enabled = false
+file = "/var/lib/seaweedfs/credentials.db"
+# Optional: table name prefix (default: "sw_")
+table_prefix = "sw_"
+
+# PostgreSQL credential store (recommended for multi-node deployments)
+[credential.postgres]
+enabled = false
+hostname = "localhost"
+port = 5432
+username = "seaweedfs"
+password = "your_password"
+database = "seaweedfs"
+schema = "public"
+sslmode = "disable"
+# Optional: table name prefix (default: "sw_")
+table_prefix = "sw_"
+# Connection pool settings
+connection_max_idle = 10
+connection_max_open = 100
+connection_max_lifetime_seconds = 3600
+
+# Memory credential store (for testing only, data is lost on restart)
+[credential.memory]
+enabled = false
+
+# Environment variable overrides:
+# Any configuration value can be overridden by environment variables
+# Rules:
+#   * Prefix with "WEED_CREDENTIAL_"
+#   * Convert to uppercase
+#   * Replace '.' with '_'
+#
+# Examples:
+#   export WEED_CREDENTIAL_POSTGRES_PASSWORD=secret
+#   export WEED_CREDENTIAL_SQLITE_FILE=/custom/path/credentials.db
+#   export WEED_CREDENTIAL_POSTGRES_HOSTNAME=db.example.com
+#   export WEED_CREDENTIAL_FILER_ETC_ENABLED=true
+#   export WEED_CREDENTIAL_SQLITE_ENABLED=false 
\ No newline at end of file