#!/usr/bin/env python3 """ Generate bcrypt htpasswd entry for Harbor registry credentials. Usage: ./generate-registry-htpasswd.py This will prompt for the registry password and output the properly formatted htpasswd line to add to 1Password as the 'registry-htpasswd' field. """ import sys import getpass try: import bcrypt except ImportError: print("ERROR: bcrypt module not installed.") print("Install with: pip3 install bcrypt") sys.exit(1) def generate_htpasswd(username, password): """Generate bcrypt htpasswd entry.""" # Using cost factor 10 (2^10 = 1024 rounds) - standard bcrypt setting hashed = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt(rounds=10)) return f"{username}:{hashed.decode('utf-8')}" def main(): username = "harbor_registry_user" print("=" * 70) print("Harbor Registry HTPASSWD Generator") print("=" * 70) print() print(f"Username: {username} (fixed)") print() # Get password securely password = getpass.getpass("Enter registry password: ") if not password: print("ERROR: Password cannot be empty") sys.exit(1) # Confirm password password_confirm = getpass.getpass("Confirm password: ") if password != password_confirm: print("ERROR: Passwords do not match") sys.exit(1) print() print("Generating bcrypt hash...") htpasswd_entry = generate_htpasswd(username, password) print() print("=" * 70) print("SUCCESS! Copy the line below to 1Password:") print("=" * 70) print() print(htpasswd_entry) print() print("=" * 70) print() print("Next steps:") print("1. Copy the line above (entire line including username and hash)") print("2. Open 1Password → mk-labs vault → the-seas item") print("3. Add new field:") print(" - Label: registry-htpasswd") print(" - Value: ") print("4. Save the 1Password item") print("5. ExternalSecret will sync within 1 hour (or force delete/recreate)") print() if __name__ == "__main__": try: main() except KeyboardInterrupt: print("\nOperation cancelled.") sys.exit(1) except Exception as e: print(f"ERROR: {e}", file=sys.stderr) sys.exit(1)