Skip to content
/ traefik-api-key-auth Public

Traefik Middleware for authenticating request using either a header, a query string or a prefix of the url path.

License

ISC license
14 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Septima/traefik-api-key-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.traefik.yml
.traefik.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
plugin.go
plugin.go
 
 

Repository files navigation

api-key-auth

This plugin allows you to protect routes with an API key specified in a header, query string param or path segment. If the user does not provide a valid key the middleware will return a 403.

Config

Static file

Add to your Traefik static configuration

yaml

experimental:
  plugins:
    traefik-api-key-auth:
      moduleName: "github.com/Septima/traefik-api-key-auth"
      version: "v0.2.3"

toml

[experimental.plugins.traefik-api-key-auth]
  moduleName = "github.com/Septima/traefik-api-key-auth"
  version = "v0.2.3"

CLI

Add to your startup args:

--experimental.plugins.traefik-api-key-auth.modulename=github.com/Septima/traefik-api-key-auth
--experimental.plugins.traefik-api-key-auth.version=v0.2.3

K8s CRD

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: verify-api-key
spec:
  plugin:
    traefik-api-key-auth:
      authenticationHeader: true
      authenticationHeaderName: X-API-KEY
      bearerHeader: true
      bearerHeaderName: Authorization
      queryParam: true
      queryParamName: token
      pathSegment: true
      permissiveMode: false
      removeHeadersOnSuccess: true
      internalForwardHeaderName: ''
      internalErrorRoute: ''
      keys:
        - some-api-key

Plugin options

option default type description optional
authenticationHeader true bool Use an authentication header to pass a valid key. ⚠️
authenticationHeaderName "X-API-KEY" string The name of the authentication header.
bearerHeader true bool Use an authorization header to pass a bearer token (key). ⚠️
bearerHeaderName "Authorization" string The name of the authorization bearer header.
queryParam true bool Use a query string param to pass a valid key. ⚠️
queryParamName "token" string The name of the query string param.
pathSegment true bool Use match on path segment to pass a valid key. ⚠️
permissiveMode false bool Dry-run option to allow the request even if no valid was provided
removeHeadersOnSuccess true bool If true will remove the header on success.
internalForwardHeaderName "" string Optionally forward validated key as header to next middleware.
internalErrorRoute "" string Optionally route to backend at specified path on invalid key
keys [] []string A list of valid keys that can be passed using the headers.

⚠️ - Is optional but at least one of authenticationHeader, bearerHeader, queryparam or pathSegment must be set to true.

❌ - Required.

✅ - Is optional and will use the default values if not set.

About

Traefik Middleware for authenticating request using either a header, a query string or a prefix of the url path.

Topics

traefik-plugin

Resources

Readme

License

ISC license
Activity
Custom properties

Stars

14 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 3

v0.3.0 Permissive mode Latest
Jun 24, 2024
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages