Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for generating htpasswd hash #32

Open
TimJones opened this issue Apr 5, 2017 · 6 comments
Open

Add support for generating htpasswd hash #32

TimJones opened this issue Apr 5, 2017 · 6 comments
Labels
enhancement

Comments

@TimJones
Copy link

TimJones commented Apr 5, 2017
edited

A function that can generate the htpasswd type hash from username & password would be great. In Kubernetes Helm charts, this would help in configuring basic auth for ingress resources.
@technosophos
Copy link
Member

Can you point me to some documentation? I'm not sure what the hashing algo is that it uses.

@ValentinFunk
Copy link

ValentinFunk commented Jan 4, 2018
edited

If anyone comes here from google, an easy way to get around it for helm charts and nginx is to use plain text to store the pw:

auth: {{ (print "apikey:{PLAIN}" (index .Values.apiKey)) | b64enc | quote }}

Not cool to store the PWs like this but it's in a kubernetes secret so i guess it's ok? Suppose for proper auth you wouldn't use basic auth anyway

@technosophos The algorithms are a bit of a mess:
https://httpd.apache.org/docs/2.4/misc/password_encryptions.html
lots of apache specific stuff in C, not sure if anyone want's to port that over. Bcrypt seems to be pretty standard but i'm not sure what this means: https://github.com/abbot/go-http-auth/blob/cb4372376e1e00e9f6ab9ec142e029302c9e7140/basic.go#L27. Might not be relevant for generation.

@Tim-Schwalbe
Copy link

Can you explain where it is stored in plain text? because the secret is base64 encoded

@sanderploegsma
Copy link

@kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar (base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd to encrypt bar it works.

Are you sure that your approach should work for the Nginx Ingress controller?

@ValentinFunk
Copy link

ValentinFunk commented Dec 14, 2019 via email

rustycl0ck pushed a commit to rustycl0ck/sprig that referenced this issue Jan 9, 2020
Add support for generating htpasswd hash
6f0bda6 
Fixes issue Masterminds#32
rustycl0ck pushed a commit to rustycl0ck/sprig that referenced this issue Jan 9, 2020
Add support for generating htpasswd hash
4eccb26 
Fixes issue Masterminds#32
rustycl0ck pushed a commit to rustycl0ck/sprig that referenced this issue Jan 9, 2020
Add support for generating htpasswd hash
acd062d 
Fixes issue Masterminds#32
rustycl0ck pushed a commit to rustycl0ck/sprig that referenced this issue Jan 9, 2020
Add support for generating htpasswd hash
0aadafb 
Fixes issue Masterminds#32
@rustycl0ck rustycl0ck mentioned this issue Jan 9, 2020
Merged
technosophos pushed a commit that referenced this issue Jan 24, 2020
@rustycl0ck @technosophos
Add support for generating htpasswd hash (#225)
173256c 
* Add support for generating htpasswd hash

Fixes issue #32

* Fix typo
@j-zimnowoda
Copy link

Would it be possible implement third argument for sprig htpasswd, so I can provide htpasswd related arguments?

e.g.:

{{ htpasswd .Values.username .Values.password 'nBC 10' }}

@Morriz Morriz mentioned this issue Dec 29, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@mattfarina @technosophos @TimJones @ValentinFunk @sanderploegsma @Tim-Schwalbe @j-zimnowoda