Skip to main content
BasicAuth validates HTTP Basic credentials against a static list of username and BCrypt password hash pairs.
BasicAuth is defined in the policy schema but is not executed by the sentinel engine yet.

Fields

credentials
Credential[]
List of allowed credentials. Each entry contains a username and a password_hash (BCrypt).

Example

{
  "policies": [
    {
      "id": "basic-auth",
      "name": "Basic auth for internal tools",
      "enabled": true,
      "match": [
        { "path": { "path": { "prefix": "/internal/" } } }
      ],
      "basicauth": {
        "credentials": [
          {
            "username": "admin",
            "password_hash": "$2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy"
          }
        ]
      }
    }
  ]
}
Produces a principal with type PRINCIPAL_TYPE_BASIC on success. The principal subject is set to the matched username.