apps/wg-easy
1
0
Fork 0
mirror of https://github.com/wg-easy/wg-easy.git synced 2025-09-26 19:51:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
v14
wg-easy/How_to_generate_an_bcrypt_hash.md
Lucas Rattz 380ff5c2f1 Improve documentation on password hash (#1901) 
* Improve documentation on password hash

* Change branch name

* Add single quote docker run info

* Tag versions, docker run version

* separate docker run and compose

---------

Co-authored-by: Bernd Storath <32197462+kaaax0815@users.noreply.github.com>
2025-06-03 09:58:52 +02:00

1.9 KiB
Raw Permalink Blame History

Generating bcrypt-hashed password

With version 14 of wg-easy, a password hashed with bcrypt is needed instead of the plain-text password string. This doc explains how to generate the hash based on a plain-text password.

Using Docker + node

  • You are using docker compose

    The easiest way to generate a bcrypt password hash with wgpw is using docker and node:

    docker run ghcr.io/wg-easy/wg-easy:14 node -e 'const bcrypt = require("bcryptjs"); const hash = bcrypt.hashSync("YOUR_PASSWORD", 10); console.log(hash.replace(/\$/g, "$$$$"));'

    The hashed password will get printed on your terminal. Copy it and use on the PASSWORD_HASH environment variable in your docker compose.

  • You are using docker run

    If you are using docker run for running wg-easy, you must enclose the hash string in single quotes ('...'). You can use this command:

    docker run --rm ghcr.io/wg-easy/wg-easy:14 node -e "const bcrypt = require('bcryptjs'); const hash = bcrypt.hashSync('YOUR_PASSWORD', 10); console.log('\'' + hash + '\'');"

    The hashed password will get printed on your terminal. Copy it and use on the PASSWORD_HASH environment variable in your docker run command.

Using Docker + wgpw

wg-password (wgpw) is a script that generates bcrypt password hashes. You can use it with docker:

docker run ghcr.io/wg-easy/wg-easy:14 wgpw YOUR_PASSWORD

You will see an output similar to this:

PASSWORD_HASH='$2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW'

In this example, the $2b$12$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW string is your hashed password. For using it with docker-compose, you need to escape each $ characters by adding another $ before them, or they will get interpreted as variables. The final password you can use in docker-compose will look like this:

$$2b$$12$$coPqCsPtcFO.Ab99xylBNOW4.Iu7OOA2/ZIboHN6/oyxca3MWo7fW