🔒 Auth

Chroma supports authentication only when it runs in server/client mode.

Supported authentication methods:

| Authentication Method | Basic Auth (Pre-emptive) | Static API Token |
| --- | --- | --- |
| Description | RFC 7617 Basic Auth with user:password base64-encoded Authorization header. | Static auth token in Authorization: Bearer <token> or in X-Chroma-Token: <token> headers. |
| Status | Alpha | Alpha |
| Server-Side Support | Alpha | Alpha |
| Client/Python | Alpha | Alpha |
| Client/JS | Alpha | Alpha |
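
The header formats listed in the table, built and parsed with the Python standard library only. This is an added example, not Chroma's own code: the function names are hypothetical, and the credentials are the admin/admin and test-token sample values used on this page.

```python
import base64
import binascii
import hmac

def basic_header(user: str, password: str) -> str:
    """Build the RFC 7617 value a client sends pre-emptively.
    base64 is an encoding, not encryption: the password is readable without TLS."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic(value: str):
    """Return (user, password) from an Authorization value, or None if malformed."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":  # auth scheme names are case-insensitive
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # only the first ':' separates
    return (user, password) if sep else None

def extract_token(headers: dict):
    """Pull a static token from either transport: X-Chroma-Token or Bearer."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if "x-chroma-token" in h:
        return h["x-chroma-token"].strip() or None
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and token.strip():
        return token.strip()
    return None

def token_ok(headers: dict, expected: str) -> bool:
    """Compare in constant time so response timing does not reveal token prefixes."""
    got = extract_token(headers)
    return got is not None and hmac.compare_digest(got.encode(), expected.encode())

if __name__ == "__main__":
    print(basic_header("admin", "admin"))
    print(parse_basic(basic_header("admin", "p:w")))
    print(token_ok({"X-Chroma-Token": "test-token"}, "test-token"))
```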

Basic Authentication

Server Setup

Generate Server-Side Credentials

To generate the password hash, run the following command:

Command Line

This creates a bcrypt hash of the password admin and writes it to server.htpasswd alongside the user admin. The resulting entry looks like admin:<password hash>.

Running the Server

Set the following environment variables:

Command Line

And run the server as normal:

Command Line

Client Setup

python

Static API Token Authentication

Server Setup

Running the Server

Set the following environment variables to use Authorization: Bearer test-token as your authentication header. All environment variables can also be set as Settings.

Command Line

To configure multiple tokens and use them for role-based access control (RBAC), use a file like this and the following configuration settings:

Command Line

To use an X-Chroma-Token: test-token authentication header, set the CHROMA_AUTH_TOKEN_TRANSPORT_HEADER environment variable or configuration setting.

Command Line