
Encrypted htpasswd

Open agstevens opened this issue 5 years ago • 2 comments

Is anyone else having an issue with the htpasswd encryption steps? In earlier deployments it worked fine for me, but now it is suddenly not working (after a macOS update to Mojave 10.14.6 - they might have changed the default shell).

I generate an htpasswd file using the command line: htpasswd -vB username

(this generates a plaintext output as the command "htpasswd -nB username > htpasswd" includes the "New Password:" text - I don't recall this happening on the previous macOS version) so I have to paste it into an htpasswd file manually - maybe the newline characters or lack of newline characters at the end of the line are messing with it?

I test the htpasswd file: htpasswd -vb htpasswd username password

and the password checks out

I encrypt it as follows: aws kms encrypt --key-id $KMS_KEY_ID --plaintext "$(cat htpasswd)" --query CiphertextBlob --output text

I also try adding the --region us-east-1 for completeness

output is a long string: AQICAHhVd.....k==

I test it with decryption: aws kms decrypt --ciphertext-blob fileb://<(echo 'AQICAHhVd.....k==' | base64 -D)

and paste the decrypted string into a base64 to ASCII converter and verify it matches the htpasswd file contents.

When I deploy it, the username password is not accepted. However, when I use an earlier generated password from before the macOS update, it works. I think the macOS update changed the default shell, but I can't figure out why this is no longer working for me.

agstevens avatar Mar 22 '20 06:03 agstevens
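
The post above worries about stray "New password:" prompt text and newline handling in a hand-pasted htpasswd file. As an added example (not code from the thread participants or the AWSPics project), the following shell function checks the file's bytes before they are encrypted. It assumes bcrypt entries as written by `htpasswd -B` (`user:$2y$NN$` followed by 53 characters); the name `check_htpasswd` is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check an htpasswd file before encrypting it.
# Assumption: every entry is a bcrypt line, "user:" plus a 60-character
# "$2y$NN$..." hash. Blank lines are ignored.
# Returns 0 if the file is clean, 1 if any line is suspect, 2 if the
# file is missing or empty. Findings are written to stderr.

check_htpasswd() {
    file=$1
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 2; }
    LC_ALL=C awk '
        BEGIN { re = "^[^: \t]+:\\$2y\\$[0-9][0-9]\\$[./A-Za-z0-9]+$" }
        # A carriage return means the file was saved with CRLF endings.
        index($0, "\r") {
            printf "line %d: carriage return\n", NR; bad = 1; next
        }
        $0 == "" { next }
        {
            hash = substr($0, index($0, ":") + 1)
            if ($0 ~ re && length(hash) == 60) { ok++; next }
            # Catches pasted prompt text, truncated hashes, stray spaces.
            printf "line %d: not a bcrypt htpasswd entry\n", NR; bad = 1
        }
        END {
            if (!ok) { print "no valid entries"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$file" >&2
}

# Stand-alone use: sh check_htpasswd.sh path/to/htpasswd
if [ "$#" -gt 0 ]; then
    check_htpasswd "$1"
fi
```
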

Just bumping this again. I'm deploying something again and having the same issue. Was wondering if anyone encountered this issue at all in the last 18 months. I tried doing the htpasswd command in a docker container - checked and double-checked spaces and newlines... still can't get it working again.

agstevens avatar Nov 24 '21 04:11 agstevens

I haven't updated the password on my photo site since I originally created it 4 years ago, but I tried following the steps again and had to change "$(cat htpasswd)" to fileb://htpasswd to get it working with version 2.3.5 of aws-cli. Perhaps you can try that?

aws kms encrypt \
  --key-id $KMS_KEY_ID \
  --plaintext fileb://htpasswd \
  --query CiphertextBlob \
  --output text

jpsim avatar Nov 29 '21 15:11 jpsim

Thanks, that update made a big difference for me. I updated the project to node.js 20.x today. Thanks for your help!

agstevens avatar Dec 16 '23 03:12 agstevens

Closing issue.

agstevens avatar Dec 16 '23 03:12 agstevens