Support Custom Key for Authentication Secret #12993
Description
Currently, the NGINX Ingress Controller requires the basic authentication secret to have the key auth. However, some environments enforce strict secret structures where the authentication data is stored under a different key (e.g., token).
There is no built-in way to specify a custom key for authentication, making it difficult to integrate with systems that do not allow modifying secret keys.
Request:
Please add support for a custom key in the authentication secret via an annotation such as:
nginx.ingress.kubernetes.io/auth-secret-key: "token"
This would allow users to specify the exact key inside the secret instead of being forced to use auth.
Use Case:
Some enterprise environments enforce specific secret formats where credentials are stored under a predefined key (e.g., token).
Current workarounds require additional automation (e.g., init containers or external services), which adds operational overhead.
Allowing a configurable secret key would improve flexibility without breaking existing implementations.
Expected Behavior:
If the annotation nginx.ingress.kubernetes.io/auth-secret-key is set, the NGINX Ingress Controller should look for the specified key inside the secret instead of the default auth key.
Example Usage:
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/auth-type: "basic"
nginx.ingress.kubernetes.io/auth-secret: "my-auth-secret"
nginx.ingress.kubernetes.io/auth-secret-key: "token" # New annotation request
nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
This would instruct the Ingress controller to look for credentials under the token key instead of auth.
Current Workarounds (Not Ideal):
Creating a new secret manually with the correct key.
Using an init container to copy the secret and rename the key dynamically.
Implementing an external authentication service.
Adding this feature would simplify integration and improve usability.