{"id":29859282,"url":"https://github.com/gocd/gocd-filebased-authentication-plugin","last_synced_at":"2026-02-28T21:02:36.055Z","repository":{"id":19021566,"uuid":"84311940","full_name":"gocd/gocd-filebased-authentication-plugin","owner":"gocd","description":"This plugin is a password file based authentication plugin for GoCD","archived":false,"fork":false,"pushed_at":"2025-07-25T05:15:46.000Z","size":1107,"stargazers_count":24,"open_issues_count":0,"forks_count":17,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-07-25T10:45:59.640Z","etag":null,"topics":["authentication","bcrypt","gocd","passwordhash","plugin"],"latest_commit_sha":null,"homepage":"https://www.gocd.org","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gocd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-03-08T11:13:56.000Z","updated_at":"2025-07-25T05:14:02.000Z","dependencies_parsed_at":"2023-02-11T23:15:44.718Z","dependency_job_id":"a504044e-9881-413b-bdf6-16a643be8d24","html_url":"https://github.com/gocd/gocd-filebased-authentication-plugin","commit_stats":null,"previous_names":[],"tags_count":176,"template":false,"template_full_name":null,"purl":"pkg:github/gocd/gocd-filebased-authentication-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocd%2Fgocd-filebased-authentication-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocd%2Fgocd-filebased-authentication-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocd%2Fgocd-filebased-authentication-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocd%2Fgocd-filebased-authentication-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gocd","download_url":"https://codeload.github.com/gocd/gocd-filebased-authentication-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gocd%2Fgocd-filebased-authentication-plugin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267797725,"owners_count":24145710,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-30T02:00:09.044Z","response_time":70,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","bcrypt","gocd","passwordhash","plugin"],"created_at":"2025-07-30T02:12:43.681Z","updated_at":"2025-10-06T14:48:28.984Z","avatar_url":"https://github.com/gocd.png","language":"Java","readme":"# GoCD File Based Authentication Plugin\n\nThis is a file based authentication plugin which implements the GoCD [Authorization Plugin](https://plugin-api.gocd.io/current/authorization/) endpoint. This plugin allows authentication/search of users defined in password files.\n\n## Building the code base\n\nTo build the jar, run `./gradlew clean test assemble`\n\n## Installation\n\n- From GoCD `17.5.0` onwards the plugin comes bundled along with server, hence a separate installation is not required.\n\n## Usage instructions\n\nThe plugin uses the popular file format used by the `htpasswd` program:\n\n    username:hashed-password\n\nThe plugin currently supports passwords hashed using `bcrypt`, `PBKDF2` and `SHA1`. See [#13](https://github.com/gocd/gocd-filebased-authentication-plugin/issues/13) for details.\n\n\u003e **Note**: It is highly recommended that users use passwords hashed using `bcrypt` and not `SHA1`.\n\nYou can put as many username/hashed password pairs as you like -- use a new line for each one\n\n## Generating password using cli-app\n\nYou can use the [gocd-passwd](https://github.com/gocd/gocd-filebased-authentication-plugin/tree/master/gocdpasswd) to generate hashed password file entry.\n\nUse the following command to generate bcrypt hashed password file entry,  \n\n```bash\n$ java -jar gocdpasswd.jar -B -u username -p password\n```\n\nWhere, `-B` forces password hashing with bcrypt, However you can also use `-P` for PBKDF2SHA1 and `-S` for PBKDF2SHA256\n\n## Generating passwords using `htpasswd`\n\nYou can use the [htpasswd](http://httpd.apache.org/docs/2.0/programs/htpasswd.html) program from Apache to manage your password file.\n\nSo for example, you can use the following command to create a password file called `passwd` and put the password for the user \"user\" in it:\n\n```shell\nhtpasswd -c -B passwd user\n```\nWhere, `-B` forces password hashing with bcrypt, currently considered to be very secure. You can also use `-s` for SHA or `-d` for crypt() but these are deemed insecure\n\n### htpasswd on Windows\n\nThe `htpasswd` executable may be downloaded as part of the apache distribution from [Apache Haus](http://www.apachehaus.com/cgi-bin/download.plx) or [Apache Lounge](https://www.apachelounge.com/download/). Note that these executables may not work on Windows XP or Server 2003\n\n### htpasswd on Mac OSX\n\nhtpasswd is already installed by default on Mac OSX.\n\n### htpasswd on Linux\n\nDebian based distributions (e.g. Ubuntu) htpasswd can be installed from the apache2-utils\n\n```shell\n$ apt-get install apache2-utils\n```\n\n### Generating passwords using python\n\nAnother option is to use the following command (assumes python is installed on your system)\n\n```shell\n$ python -c \"import sha; from base64 import b64encode; print b64encode(sha.new('my-password').digest())\"\n```\n\n## Configuration\n\nThe plugin needs to be configured to use the password file. The configuration can be added by adding a Authorization Configuration by visiting the Authorization Configuration page under *Admin \u003e Security*.\n\nAlternatively, the configuration can be added directly to the `config.xml` using the `\u003cauthConfig\u003e` configuration.\n\n* Example Configuration\n\n    ```xml\n    \u003cauthConfigs\u003e\n      \u003cauthConfig id=\"auth-config-id\" pluginId=\"cd.go.authentication.passwordfile\"\u003e\n        \u003cproperty\u003e\n          \u003ckey\u003ePasswordFilePath\u003c/key\u003e\n          \u003cvalue\u003epath-to-password-file\u003c/value\u003e\n        \u003c/property\u003e\n      \u003c/authConfig\u003e\n    \u003c/authConfigs\u003e\n    ```\n\n* The plugin can also be configured to use multiple password files if required:\n\n    ```xml\n    \u003cauthConfigs\u003e\n      \u003cauthConfig id=\"auth-config-id-1\" pluginId=\"cd.go.authentication.passwordfile\"\u003e\n        \u003cproperty\u003e\n          \u003ckey\u003ePasswordFilePath\u003c/key\u003e\n          \u003cvalue\u003epath-to-password-file-1\u003c/value\u003e\n        \u003c/property\u003e\n      \u003c/authConfig\u003e\n      \u003cauthConfig id=\"auth-config-id-2\" pluginId=\"cd.go.authentication.passwordfile\"\u003e\n        \u003cproperty\u003e\n          \u003ckey\u003ePasswordFilePath\u003c/key\u003e\n          \u003cvalue\u003epath-to-password-file-2\u003c/value\u003e\n        \u003c/property\u003e\n      \u003c/authConfig\u003e\n    \u003c/authConfigs\u003e\n    ```\n\n## Troubleshooting\n\n### Verify Connection\n\nFor a given Authorization Configuration verify if the given password file can be accessed by the plugin. The Authorization Configuration page under *Admin \u003e Security* gives an option to verify connection.\n\n### Enable Debug Logs\n\n#### If you are on GoCD version 19.6 and above:\n\nEdit the file `wrapper-properties.conf` on your GoCD server and add the following options. The location of the `wrapper-properties.conf` can be found in the [installation documentation](https://docs.gocd.org/current/installation/installing_go_server.html) of the GoCD server.\n\n ```properties\n# We recommend that you begin with the index `100` and increment the index for each system property\nwrapper.java.additional.100=-Dplugin.cd.go.authentication.passwordfile.log.level=debug\n```\n\nIf you're running with GoCD server 19.6 and above on docker using one of the supported GoCD server images, set the environment variable `GOCD_SERVER_JVM_OPTS`:\n\n ```shell\ndocker run -e \"GOCD_SERVER_JVM_OPTS=-Dplugin.cd.go.authentication.passwordfile.log.level=debug\" ...\n```\n\n#### If you are on GoCD version 19.5 and lower:\n\n* On Linux:\n\n    Enabling debug level logging can help you troubleshoot an issue with this plugin. To enable debug level logs, edit the file `/etc/default/go-server` (for Linux) to add:\n\n    ```shell\n    export GO_SERVER_SYSTEM_PROPERTIES=\"$GO_SERVER_SYSTEM_PROPERTIES -Dplugin.cd.go.authentication.passwordfile.log.level=debug\"\n    ```\n\n    If you're running the server via `./server.sh` script:\n\n    ```shell\n    $ GO_SERVER_SYSTEM_PROPERTIES=\"-Dplugin.cd.go.authentication.passwordfile.log.level=debug\" ./server.sh\n    ```\n\n* On windows:\n\n    Edit the file `config/wrapper-properties.conf` inside the GoCD Server installation directory (typically `C:\\Program Files\\Go Server`):\n\n    ```\n    # config/wrapper-properties.conf\n    # since the last \"wrapper.java.additional\" index is 15, we use the next available index.\n    wrapper.java.additional.16=-Dplugin.cd.go.authentication.passwordfile.log.level=debug\n    ```\n\n## License\n\n```plain\nCopyright 2022 Thoughtworks, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgocd%2Fgocd-filebased-authentication-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgocd%2Fgocd-filebased-authentication-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgocd%2Fgocd-filebased-authentication-plugin/lists"}