I have a file of API keys that were not encoded through htdigest from an existing reverse proxy, but I want to migrate to Traefik. However, after taking a look at the documentation, neither basic auth nor digest auth suit my usecase since:
A. storing anything more than a few valid auth headers in docker-compose.yml would quickly become an exercise in futility.
B. migrating to htdigest would require my users to regenerate their keys.
Is there a way to point traefik at an external keystore file for headers?
Hi @ratchet5000, have you tried the label
traefik.frontend.auth.basic.usersFile in compose, that points to a "basic" htpasswd file? (it also exists it's sibling for htdigest FWIW) .
Traefik supports 3 kind of authentications: if basic auth. a,nd digest does not fit,
then you can still delegate the authentication to another system, using the "forward authentication".
I was hoping to avoid having yet another service for authentication, but it seems like I'll have to go with forward auth for my purposes.