Add bcrypt export format #230

Open
gberche-orange opened this issue Jan 31, 2023 · 3 comments
Labels
carvel-accepted: This issue should be considered for future work and that the triage process has been completed
enhancement: This issue is a feature request
hacktoberfest
priority/important-longterm: Important over the long term, but may not be staffed and/or may need multiple releases to complete.

Comments

@gberche-orange

Describe the problem/challenge you have

As a secretgen-controller user
In order to use a generated secret in workloads that expect a bcrypt-encoded password
I need the SecretTemplate to support a bcrypt export format beyond base64 encoding

Describe the solution you'd like

SecretTemplate to support an additional format field with default base64 and an additional bcrypt value

See

template:
  #! data is used for templating in data that *is* base64 encoded, most likely Secrets.
  data:
    password: $(.password-secret.data.password)
    username: $(.username-secret.data.username)

In order to login to the WGE UI, you need to generate a bcrypt hash for your chosen password and store it as a secret in the Kubernetes cluster.

There are several different ways to generate a bcrypt hash, this guide uses gitops get bcrypt-hash from our CLI, which can be installed by following the instructions here.

Anything else you would like to add:

https://docs.gitops.weave.works/docs/installation/weave-gitops-enterprise/#6-configure-password

Similar request on ytt in carvel-dev/ytt#106


Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you would like to work on this issue.

@gberche-orange gberche-orange added carvel-triage This issue has not yet been reviewed for validity enhancement This issue is a feature request labels Jan 31, 2023
@github-project-automation github-project-automation bot moved this to To Triage in Carvel Jan 31, 2023
@neil-hickey
Contributor

Hey @gberche-orange, thanks for the suggestion! Yes, we would like to support bcrypt - we are open to PRs and happy to help if you might want to contribute. Otherwise, I suspect that due to the current bandwidth of the team, this is a long-term priority.

@neil-hickey neil-hickey moved this from To Triage to Unprioritized in Carvel Feb 22, 2023
@neil-hickey neil-hickey added carvel-accepted This issue should be considered for future work and that the triage process has been completed priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. and removed carvel-triage This issue has not yet been reviewed for validity labels Feb 22, 2023
@gberche-orange
Author

Thanks for considering this suggestion. I fully understand the necessary prioritization that the carvel team is carefully applying hand in hand with the community of users and contributors. I'm sorry that I'm unable to help beyond sharing feedback from my experience.

@tonygilkerson

tonygilkerson commented Feb 23, 2024

This functionality is needed to support Harbor. Here is how I am currently creating my Harbor secrets. Note the use of htpasswd is required for Harbor.

apiVersion: v1
kind: Secret
metadata:
  name: harbor-registry-password
  namespace: harbor
  annotations:
    # Only apply this password on install because the htpasswd function is not idempotent
    helm.sh/hook: post-install
type: Opaque
data:
  {{- $harborRegPass := randAlphaNum 32 }}
  REGISTRY_PASSWD: {{ $harborRegPass | b64enc | quote }}
  REGISTRY_HTPASSWD: {{ htpasswd "harbor_registry_user" $harborRegPass | b64enc | quote }}
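
A check that can be run over a Secret data value such as REGISTRY_HTPASSWD from the comment above, confirming that it decodes to user:<bcrypt hash> with an acceptable cost. This is an added example, not code from the comment or from secretgen-controller. The names Entry and CheckHtpasswdValue are hypothetical, and the sample value is constructed for shape only.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// bcrypt string layout: "$2a$"/"$2b$"/"$2y$", two-digit cost, "$",
// then 22 chars of salt and 31 chars of digest in bcrypt's base64 alphabet.
var bcryptRe = regexp.MustCompile(`^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$`)

type Entry struct {
	User, Salt string
	Cost       int
}

// CheckHtpasswdValue (hypothetical name) decodes one base64 Secret data value
// and verifies it is "user:<bcrypt hash>" with a cost of at least minCost.
func CheckHtpasswdValue(b64 string, minCost int) (Entry, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return Entry{}, fmt.Errorf("not base64: %w", err)
	}
	user, hash, ok := strings.Cut(strings.TrimSpace(string(raw)), ":")
	if !ok || user == "" {
		return Entry{}, errors.New("expected user:hash")
	}
	m := bcryptRe.FindStringSubmatch(hash)
	if m == nil {
		return Entry{}, errors.New("password field is not a bcrypt hash")
	}
	cost, _ := strconv.Atoi(m[1]) // two digits matched by the regexp, cannot fail
	if cost < minCost || cost > 31 {
		return Entry{}, fmt.Errorf("bcrypt cost %d outside [%d, 31]", cost, minCost)
	}
	// The salt is random per hash: the same password never hashes to the same string.
	return Entry{User: user, Salt: hash[7:29], Cost: cost}, nil
}

func main() {
	// Constructed sample: correct shape only, not the hash of any password.
	hash := "$2a$10$" + strings.Repeat("A", 22) + strings.Repeat("b", 31)
	val := base64.StdEncoding.EncodeToString([]byte("harbor_registry_user:" + hash))
	fmt.Println(CheckHtpasswdValue(val, 10))
}
```

Because the salt is embedded in the hash, a reconciler that re-renders the value on every run would produce a different string each time, so an existing hash has to be verified against the password rather than compared as text.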
