HtPasswd

A real htpasswd file manager for Apache/Nginx HTTP basic authentication. Create password files, add/remove users, verify passwords, and list users. Supports apr1 (Apache MD5), SHA-256, and SHA-512 hash algorithms via openssl.

Commands

Command	Description
htpasswd create <file> <user> <password>	Create a new htpasswd file with the first user (fails if file exists)
htpasswd add <file> <user> <password>	Add a user to an existing file (or update password if user exists)
htpasswd delete <file> <user>	Remove a user from the htpasswd file
htpasswd verify <file> <user> <password>	Verify a user's password (supports apr1, sha256, sha512, sha1, crypt)
htpasswd list <file>	List all users with their hash algorithm type
htpasswd version	Show version
htpasswd help	Show available commands and usage

Configuration

Variable	Default	Description
HTPASSWD_ALGO	apr1	Hash algorithm: apr1, sha256, or sha512

Requirements

• Bash 4+ (set -euo pipefail)
• openssl — for password hashing and verification
• grep, sed — standard text utilities
• No external dependencies or API keys

When to Use

1. Setting up basic auth — htpasswd create /etc/nginx/.htpasswd admin secret to create a new file
2. Managing users — htpasswd add to add users, htpasswd delete to remove them
3. Password verification — htpasswd verify to check if a password is correct
4. Security audits — htpasswd list shows all users and their hash types
5. Stronger hashing — Set HTPASSWD_ALGO=sha512 for SHA-512 instead of default apr1

Examples

# Create a new htpasswd file
htpasswd create /etc/nginx/.htpasswd admin MySecretPass

# Add another user
htpasswd add /etc/nginx/.htpasswd editor AnotherPass

# Use SHA-512 for stronger hashing
HTPASSWD_ALGO=sha512 htpasswd add /etc/nginx/.htpasswd secure_user StrongPass

# List all users
htpasswd list /etc/nginx/.htpasswd

# Verify a password
htpasswd verify /etc/nginx/.htpasswd admin MySecretPass

# Delete a user
htpasswd delete /etc/nginx/.htpasswd editor

Example Output

$ htpasswd create /tmp/.htpasswd admin secret123
┌──────────────────────────────────────────────────┐
│  htpasswd File Created                           │
├──────────────────────────────────────────────────┤
│  File:     /tmp/.htpasswd                         │
│  User:     admin                                  │
│  Algo:     apr1                                   │
│  Perms:    640 (owner rw, group r)                │
├──────────────────────────────────────────────────┤
│  ✅ File created with 1 user                     │
└──────────────────────────────────────────────────┘

$ htpasswd list /tmp/.htpasswd
┌──────────────────────────────────────────────────┐
│  htpasswd Users                                  │
├──────────────────────────────────────────────────┤
│  File:  /tmp/.htpasswd                            │
│  Users: 2                                         │
├──────────────────────────────────────────────────┤
│   1. admin                [apr1 (MD5)      ]      │
│   2. editor               [sha512          ]      │
└──────────────────────────────────────────────────┘

$ htpasswd verify /tmp/.htpasswd admin secret123
┌──────────────────────────────────────────────────┐
│  Password Verification                           │
├──────────────────────────────────────────────────┤
│  File:     /tmp/.htpasswd                         │
│  User:     admin                                  │
│  Result:   ✅ Password CORRECT                   │
└──────────────────────────────────────────────────┘

Security Notes

• Files are created with 640 permissions (owner read/write, group read)
• Default algorithm is apr1 (Apache MD5) — widely compatible
• Use HTPASSWD_ALGO=sha512 for stronger hashing on modern systems
• Usernames cannot contain : or whitespace characters
• Existing users get their password replaced when using add

---

Powered by BytesAgain | bytesagain.com | hello@bytesagain.com