@@ -720,13 +720,13 @@ You can configure Chroma to use authentication when in server/client mode only.
720720
721721Supported authentication methods:
722722
723- | Authentication Method | Basic Auth (Pre-emptive) |
724- | -----------------------| ---------------------------------------------------------------------------------------------------------------------------|
725- | Description | [ RFC 7617] ( https://www.rfc-editor.org/rfc/rfc7617 ) Basic Auth with ` user:password ` base64-encoded ` Authorization ` header. |
726- | Status | ` Alpha ` |
727- | Server-Side Support | ✅ ` Alpha ` |
728- | Client/Python | ✅ |
729- | Client/JS | ➖ |
723+ | Authentication Method | Basic Auth (Pre-emptive) | Static API Token |
724+ | -----------------------| ---------------------------------------------------------------------------------------------------------------------------| ------------------ |
725+ | Description | [ RFC 7617] ( https://www.rfc-editor.org/rfc/rfc7617 ) Basic Auth with ` user:password ` base64-encoded ` Authorization ` header. | |
726+ | Status | ` Alpha ` | |
727+ | Server-Side Support | ✅ ` Alpha ` | ✅ ` Alpha ` |
728+ | Client/Python | ✅ | |
729+ | Client/JS | ➖ | ➖ |
730730
731731### Basic Authentication
732732
@@ -782,3 +782,58 @@ Authentication is not yet supported in JS
782782:::
783783</TabItem >
784784</Tabs >
785+
786+
787+ ### Static API Token Authentication
788+
789+ :::note Tokens
790+ Tokens must be alphanumeric ASCII strings. Tokens are case sensitive.
791+ :::
792+
793+ <Tabs queryString groupId =" lang " className =" hideTabSwitcher " >
794+ <TabItem value =" py " label =" Python " >
795+
796+ #### Server Setup
797+
798+ :::note Security Note
799+ Current implementation of static API token auth supports only ENV based tokens.
800+ :::
801+
802+ ##### Running the Server
803+
804+ Create a ` .chroma_env ` file with the following contents:
805+
806+ ``` ini title=".chroma_env"
807+ CHROMA_SERVER_AUTH_CREDENTIALS =" test-token"
808+ CHROMA_SERVER_AUTH_CREDENTIALS_PROVIDER =' chromadb.auth.token.TokenConfigServerAuthCredentialsProvider'
809+ CHROMA_SERVER_AUTH_PROVIDER =' chromadb.auth.token.TokenAuthServerProvider'
810+ ```
811+
812+ ``` bash
813+ docker-compose --env-file ./.chroma_env up -d --build
814+ ```
815+
816+ #### Client Setup
817+
818+ ``` python
819+ import chromadb
820+ from chromadb.config import Settings
821+
822+ client = chromadb.HttpClient(
823+ settings = Settings(chroma_client_auth_provider = " chromadb.auth.token.TokenAuthClientProvider"
824+ chroma_client_auth_credentials = " test-token"
825+ client.heartbeat() # this should work with or without authentication - it is a public endpoint
826+
827+ client.get_version() # this should work with or without authentication - it is a public endpoint
828+
829+ client.list_collections() # this is a protected endpoint and requires authentication
830+ ```
831+
832+ </TabItem >
833+ <TabItem value =" js " label =" JavaScript " >
834+
835+ :::info Not Available
836+ Authentication is not yet supported in JS
837+ :::
838+ </TabItem >
839+ </Tabs >
0 commit comments