auth-default-access: "deny-all"
auth:
  web: true

