search

Masterminds / sprig

Useful template functions for Go templates.
http://masterminds.github.io/sprig/
MIT License
4.19k stars 433 forks source link

Add support for generating htpasswd hash #32

Open TimJones opened 7 years ago

TimJones commented 7 years ago

A function that can generate the htpasswd type hash from username & password would be great. In Kubernetes Helm charts, this would help in configuring basic auth for ingress resources.

technosophos commented 7 years ago

Can you point me to some documentation? I'm not sure what the hashing algo is that it uses.

ValentinFunk commented 6 years ago

If anyone comes here from google, an easy way to get around it for helm charts and nginx is to use plain text to store the pw: 

auth: {{ (print "apikey:{PLAIN}" (index .Values.apiKey)) | b64enc | quote }}

Not cool to store the PWs like this but it's in a kubernetes secret so i guess it's ok? Suppose for proper auth you wouldn't use basic auth anyway

@technosophos The algorithms are a bit of a mess: https://httpd.apache.org/docs/2.4/misc/password_encryptions.html lots of apache specific stuff in C, not sure if anyone want's to port that over. Bcrypt seems to be pretty standard but i'm not sure what this means: https://github.com/abbot/go-http-auth/blob/cb4372376e1e00e9f6ab9ec142e029302c9e7140/basic.go#L27. Might not be relevant for generation.

Tim-Schwalbe commented 5 years ago

Can you explain where it is stored in plain text? because the secret is base64 encoded

sanderploegsma commented 4 years ago

@Kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar (base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd to encrypt bar it works.

Are you sure that your approach should work for the Nginx Ingress controller?

ValentinFunk commented 4 years ago

Hey, I'm not running the app that required this anymore so I'm not sure if it still works (but I guess it should unless something in nginx changed). I think the key to making it work was to have that {PLAIN} in there.

Sander Ploegsma notifications@github.com schrieb am Di., 10. Dez. 2019, 14:47:

@Kamshak https://github.com/Kamshak Nginx indeed seems to support plain text passwords in the passwd file. However, when I create a Kubernetes secret that contains foo:bar (base64 encoded) the Nginx Controller doesn't accept these credentials. If I use htpasswd to encrypt bar it works.

Are you sure that your approach should work for the Nginx Ingress controller?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Masterminds/sprig/issues/32?email_source=notifications&email_token=AACSQMAQV5IEH6AXZ5BFVULQX6MWPA5CNFSM4DGQXVPKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEGPI6HY#issuecomment-564039455, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACSQMHO4MSB6BBN5CWYUR3QX6MWPANCNFSM4DGQXVPA .

j-zimnowoda commented 2 years ago

Would it be possible implement third argument for sprig htpasswd, so I can provide htpasswd related arguments?

e.g.:

{{ htpasswd .Values.username .Values.password 'nBC 10' }}