Add bcrypt export format

[gberche-orange]

Describe the problem/challenge you have

As a secretgen-controller user
In order to use a generated secret in workloads that expect bcrypt encoded password
I need the SecretTemplate to support a bcrypt export format beyond base64 encoding

Describe the solution you'd like
[A clear and concise description of what you want to happen. If applicable a visual representation of the UX.]

SecretTemplate to support an additional format field with default base64 and an additional bcrypt value

See

secretgen-controller/docs/secret-template.md

Lines 49 to 53 in a09e1b8

	template:
	#! data is used for templating in data that *is* base64 encoded, most likely Secrets.
	data:
	password: $(.password-secret.data.password)
	username: $(.username-secret.data.username)

In order to login to the WGE UI, you need to generate a bcrypt hash for your chosen password and store it as a secret in the Kubernetes cluster.

There are several different ways to generate a bcrypt hash, this guide uses gitops get bcrypt-hash from our CLI, which can be installed by following the instructions here.

Anything else you would like to add:

https://docs.gitops.weave.works/docs/installation/weave-gitops-enterprise/#6-configure-password

Similar request on ytt in carvel-dev/ytt#106

---

Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you would like to work on this issue.

[neil-hickey]

hey @gberche-orange thanks for the suggestion! Yes, we would like to support bcrypt - we are open to PR's and happy to help if you might want to contribute. Otherwise I suspect due to current bandwidth of the team, this is a long term priority

[gberche-orange]

Thanks for considering this suggestion. I fully understand the necessary prioritization that the carvel team is carefully applying in hands with the community of users and contributors. I'm sorry that I'm unable to help beyond sharing feedback from my experience.

[tonygilkerson]

This functionality is needed to support Harbor. Here is how I am currently creating my Harbor secrets. Note the use of htpasswd is required for Harbor.

apiVersion: v1
kind: Secret
metadata:
  name: harbor-registry-password
  namespace: harbor
  annotations:
    # Only apply this password on install because the htpasswd function is not idempotent
    helm.sh/hook: post-install
type: Opaque
data:
  {{- $harborRegPass := randAlphaNum 32 }}
  REGISTRY_PASSWD: {{ $harborRegPass | b64enc | quote }}
  REGISTRY_HTPASSWD: {{ htpasswd "harbor_registry_user" $harborRegPass | b64enc | quote }}