sprig icon indicating copy to clipboard operation
sprig copied to clipboard

Published 20 hours ago verified publisher icon Masterminds

Add support for generating htpasswd hash

Open TimJones opened this issue 8 years ago • 6 comments
trafficstars

A function that can generate the htpasswd type hash from username & password would be great. In Kubernetes Helm charts, this would help in configuring basic auth for ingress resources.

TimJones avatar Apr 05 '17 12:04 TimJones

Can you point me to some documentation? I'm not sure what the hashing algo is that it uses.

technosophos avatar May 16 '17 19:05 technosophos

If anyone comes here from google, an easy way to get around it for helm charts and nginx is to use plain text to store the pw:

auth: {{ (print "apikey:{PLAIN}" (index .Values.apiKey)) | b64enc | quote }}

Not cool to store the PWs like this but it's in a kubernetes secret so i guess it's ok? Suppose for proper auth you wouldn't use basic auth anyway

@technosophos The algorithms are a bit of a mess: https://httpd.apache.org/docs/2.4/misc/password_encryptions.html lots of apache specific stuff in C, not sure if anyone want's to port that over. Bcrypt seems to be pretty standard but i'm not sure what this means: https://github.com/abbot/go-http-auth/blob/cb4372376e1e00e9f6ab9ec142e029302c9e7140/basic.go#L27. Might not be relevant for generation.

ValentinFunk avatar Jan 04 '18 23:01 ValentinFunk

Can you explain where it is stored in plain text? because the secret is base64 encoded

Tim-Schwalbe avatar Jul 31 '19 08:07 Tim-Schwalbe

@Kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar (base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd to encrypt bar it works.

Are you sure that your approach should work for the Nginx Ingress controller?

sanderploegsma avatar Dec 10 '19 13:12 sanderploegsma

Hey, I'm not running the app that required this anymore so I'm not sure if it still works (but I guess it should unless something in nginx changed). I think the key to making it work was to have that {PLAIN} in there.

Sander Ploegsma [email protected] schrieb am Di., 10. Dez. 2019, 14:47:

@Kamshak https://github.com/Kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar (base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd to encrypt bar it works.

Are you sure that your approach should work for the Nginx Ingress controller?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Masterminds/sprig/issues/32?email_source=notifications&email_token=AACSQMAQV5IEH6AXZ5BFVULQX6MWPA5CNFSM4DGQXVPKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGPI6HY#issuecomment-564039455, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACSQMHO4MSB6BBN5CWYUR3QX6MWPANCNFSM4DGQXVPA .

ValentinFunk avatar Dec 14 '19 18:12 ValentinFunk

Would it be possible implement third argument for sprig htpasswd, so I can provide htpasswd related arguments?

e.g.:

{{ htpasswd .Values.username .Values.password 'nBC 10' }}

j-zimnowoda avatar Nov 23 '21 11:11 j-zimnowoda