DigestAuth

The DigestAuth middleware grants access to services to authorized users only.

---

Configuration Example

Middleware Digest Authentication

---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: test-auth
spec:
  digestAuth:
    secret: authsecret

Secret with encoded credentials

# Note: in a kubernetes secret the string (e.g. generated by htdigest) must be base64-encoded first.

apiVersion: v1
kind: Secret
metadata:
  name: authsecret
  namespace: traefik
data:
  users: |2
    dGVzdDp0cmFlZmlrOmEyNjg4ZTAzMWVkYjRiZTZhMzc5N2YzODgyNjU1YzA1CnRlc3QyOnRyYWVmaWs6NTE4ODQ1ODAwZjllMmJmYjFmMWY3NDBlYzI0ZjA3NGUKCg

Configuration Options

Field	Description	Default	Required
users	Array of authorized users. Each user must be declared using the name:realm:encoded-password format. The option users supports Kubernetes secrets. (More information here)	""	No
usersFile	Path to an external file that contains the authorized users for the middleware. The file content is a list of name:realm:encoded-password. (More information here)	""	No
realm	Allow customizing the realm for the authentication.	"traefik"	No
headerField	Allow defining a header field to store the authenticated user.	""	No
removeHeader	Allow removing the authorization header before forwarding the request to your service.	false	No

users

• If both users and usersFile are provided, the two are merged. The contents of usersFile have precedence over the values in users.
• For security reasons, the field users doesn't exist for Kubernetes IngressRoute, and one should use the secret field instead.

usersFile

• If both users and usersFile are provided, the two are merged. The contents of usersFile have precedence over the values in users.
• For security reasons, the field users doesn't exist for Kubernetes IngressRoute, and one should use the secret field instead.

Passwords format

Use htdigest to generate passwords.