Skip to content

Septima/traefik-api-key-auth

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

.editorconfig

.editorconfig

 
 

.gitignore

.gitignore

 
 

.traefik.yml

.traefik.yml

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

plugin.go

plugin.go

 
 

Repository files navigation

api-key-auth

This plugin allows you to protect routes with an API key specified in a header, query string param or path segment. If the user does not provide a valid key the middleware will return a 403.

Config

Static file

Add to your Traefik static configuration

yaml

experimental:
  plugins:
    traefik-api-key-auth:
      moduleName: "github.com/Septima/traefik-api-key-auth"
      version: "v0.2.3"

toml

[experimental.plugins.traefik-api-key-auth]
  moduleName = "github.com/Septima/traefik-api-key-auth"
  version = "v0.2.3"

CLI

Add to your startup args:

--experimental.plugins.traefik-api-key-auth.modulename=github.com/Septima/traefik-api-key-auth
--experimental.plugins.traefik-api-key-auth.version=v0.2.3

K8s CRD

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: verify-api-key
spec:
  plugin:
    traefik-api-key-auth:
      authenticationHeader: true
      authenticationHeaderName: X-API-KEY
      bearerHeader: true
      bearerHeaderName: Authorization
      queryParam: true
      queryParamName: token
      pathSegment: true
      permissiveMode: false
      removeHeadersOnSuccess: true
      internalForwardHeaderName: ''
      internalErrorRoute: ''
      keys:
        - some-api-key

Plugin options

option default type description optional
authenticationHeader true bool Use an authentication header to pass a valid key. ⚠️
authenticationHeaderName "X-API-KEY" string The name of the authentication header.
bearerHeader true bool Use an authorization header to pass a bearer token (key). ⚠️
bearerHeaderName "Authorization" string The name of the authorization bearer header.
queryParam true bool Use a query string param to pass a valid key. ⚠️
queryParamName "token" string The name of the query string param.
pathSegment true bool Use match on path segment to pass a valid key. ⚠️
permissiveMode false bool Dry-run option to allow the request even if no valid was provided
removeHeadersOnSuccess true bool If true will remove the header on success.
internalForwardHeaderName "" string Optionally forward validated key as header to next middleware.
internalErrorRoute "" string Optionally route to backend at specified path on invalid key
keys [] []string A list of valid keys that can be passed using the headers.

⚠️ - Is optional but at least one of authenticationHeader, bearerHeader, queryparam or pathSegment must be set to true.

❌ - Required.

✅ - Is optional and will use the default values if not set.

About

No description or website provided.

Topics

traefik-plugin

Resources

Readme

License

ISC license
Activity
Custom properties

Stars

7 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

6 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages