Skip to content

Traefik Middleware for authenticating request using either a header, a query string or a prefix of the url path.

License

Notifications You must be signed in to change notification settings

Septima/traefik-api-key-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

api-key-auth

This plugin allows you to protect routes with an API key specified in a header, query string param or path segment. If the user does not provide a valid key the middleware will return a 403.

Config

Static file

Add to your Traefik static configuration

yaml

experimental:
  plugins:
    traefik-api-key-auth:
      moduleName: "github.com/Septima/traefik-api-key-auth"
      version: "v0.2.3"

toml

[experimental.plugins.traefik-api-key-auth]
  moduleName = "github.com/Septima/traefik-api-key-auth"
  version = "v0.2.3"

CLI

Add to your startup args:

--experimental.plugins.traefik-api-key-auth.modulename=github.com/Septima/traefik-api-key-auth
--experimental.plugins.traefik-api-key-auth.version=v0.2.3

K8s CRD

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: verify-api-key
spec:
  plugin:
    traefik-api-key-auth:
      authenticationHeader: true
      authenticationHeaderName: X-API-KEY
      bearerHeader: true
      bearerHeaderName: Authorization
      queryParam: true
      queryParamName: token
      pathSegment: true
      permissiveMode: false
      removeHeadersOnSuccess: true
      internalForwardHeaderName: ''
      internalErrorRoute: ''
      keys:
        - some-api-key

Plugin options

option default type description optional
authenticationHeader true bool Use an authentication header to pass a valid key. ⚠️
authenticationHeaderName "X-API-KEY" string The name of the authentication header.
bearerHeader true bool Use an authorization header to pass a bearer token (key). ⚠️
bearerHeaderName "Authorization" string The name of the authorization bearer header.
queryParam true bool Use a query string param to pass a valid key. ⚠️
queryParamName "token" string The name of the query string param.
pathSegment true bool Use match on path segment to pass a valid key. ⚠️
permissiveMode false bool Dry-run option to allow the request even if no valid was provided
removeHeadersOnSuccess true bool If true will remove the header on success.
internalForwardHeaderName "" string Optionally forward validated key as header to next middleware.
internalErrorRoute "" string Optionally route to backend at specified path on invalid key
keys [] []string A list of valid keys that can be passed using the headers.

⚠️ - Is optional but at least one of authenticationHeader, bearerHeader, queryparam or pathSegment must be set to true.

❌ - Required.

✅ - Is optional and will use the default values if not set.

About

Traefik Middleware for authenticating request using either a header, a query string or a prefix of the url path.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages