📝 Update READMEs to talk about the hash feature

chezmoi-sh · Feb 17, 2024 · 4d987bc · 4d987bc
1 parent 2b5830d
commit 4d987bc
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -103,4 +103,22 @@ dc:org: #dn: dc=org
           userPassword: eve
 ```
 
+### Hashed passwords
+
+In order to avoid storing clear text passwords in the YAML file, yaLDAP supports hashed passwords.
+Currently, only `argon2`, `bcrypt`, `pbkdf2` and `scrypt` are supported.
+
+#### How to hash a password
+
+```sh
+echo -n "<password>" | yaldap tools hash <alogrithm> [<options>] -
+```
+
+For example, to hash a password using `bcrypt` and a cost of 10:
+
+```sh
+$ echo -n "password" | yaldap tools hash bcrypt --rounds 10 -
+$bcrypt$v=0$r=10$$243261243130247935525748646434736f52794a2e474f3162714856755331496c616e54384b4d387346494a746c6b3141776e7a6c36736f377a6471
+```
+
 ## Contribution
diff --git a/pkg/ldap/directory/yaml/README.md b/pkg/ldap/directory/yaml/README.md
@@ -48,6 +48,10 @@ dc:org: #dn: dc=org
     - Can be a scalar (one) or a sequence (several) node
     - **These values are not stored inside the attribute**
 
+> [!NOTE]
+> The `!!ldap/bind:password` handle hashed password during the `bind` operation.  
+> Currently, only `argon2`, `bcrypt`, `pbkdf2` and `scrypt` are supported. See [README.md](../../../../README.md) for more details.
+
 ### Extension: `go` template
 
 To extend the `YAML` syntax _(injecting secrets for example)_, the `YAML` parser will use the `text/template` package to parse the `YAML` file.