Support Custom Key for Authentication Secret

[gkoppura-github]

Currently, the NGINX Ingress Controller requires the basic authentication secret to have the key auth. However, some environments enforce strict secret structures where the authentication data is stored under a different key (e.g., token).

There is no built-in way to specify a custom key for authentication, making it difficult to integrate with systems that do not allow modifying secret keys.

Request:

Please add support for a custom key in the authentication secret via an annotation such as:

nginx.ingress.kubernetes.io/auth-secret-key: "token"

This would allow users to specify the exact key inside the secret instead of being forced to use auth.

Use Case:

Some enterprise environments enforce specific secret formats where credentials are stored under a predefined key (e.g., token).
Current workarounds require additional automation (e.g., init containers or external services), which adds operational overhead.
Allowing a configurable secret key would improve flexibility without breaking existing implementations.

Expected Behavior:
If the annotation nginx.ingress.kubernetes.io/auth-secret-key is set, the NGINX Ingress Controller should look for the specified key inside the secret instead of the default auth key.

Example Usage:

kind: Ingress
metadata:
  name: my-ingress
  annotations:
    nginx.ingress.kubernetes.io/auth-type: "basic"
    nginx.ingress.kubernetes.io/auth-secret: "my-auth-secret"
    nginx.ingress.kubernetes.io/auth-secret-key: "token"  # New annotation request
    nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"

This would instruct the Ingress controller to look for credentials under the token key instead of auth.

Current Workarounds (Not Ideal):

Creating a new secret manually with the correct key.
Using an init container to copy the secret and rename the key dynamically.
Implementing an external authentication service.

Adding this feature would simplify integration and improve usability.

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[strongjz]

Please read more about the project status here #13002

[github-actions]

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.