2 files changed, 23 insertions, 3 deletions

diff --git a/src/args.rs b/src/args.rs
index 590ac14..8de05ad 100644
--- a/src/args.rs
+++ b/src/args.rs
@@ -80,6 +80,14 @@ pub struct CliArgs {
     )]
     pub auth: Vec<auth::RequiredAuth>,
 
+    /// Read authentication values from a file. Example file content:
+    ///
+    /// joe:123
+    /// bob:sha256:a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
+    /// bill:
+    #[arg(long, value_hint = ValueHint::FilePath, env = "MINISERVE_AUTH_FILE")]
+    pub auth_file: Option<PathBuf>,
+
     /// Use a specific route prefix
     #[arg(long = "route-prefix", env = "MINISERVE_ROUTE_PREFIX")]
     pub route_prefix: Option<String>,
@@ -249,7 +257,7 @@ fn parse_interface(src: &str) -> Result<IpAddr, std::net::AddrParseError> {
 }
 
 /// Parse authentication requirement
-fn parse_auth(src: &str) -> Result<auth::RequiredAuth, ContextualError> {
+pub fn parse_auth(src: &str) -> Result<auth::RequiredAuth, ContextualError> {
     let mut split = src.splitn(3, ':');
     let invalid_auth_format = Err(ContextualError::InvalidAuthFormat);
 
diff --git a/src/config.rs b/src/config.rs
index 2df9fdd..314d186 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,6 +1,7 @@
 #[cfg(feature = "tls")]
 use std::{fs::File, io::BufReader};
 use std::{
+    io::BufRead,
     net::{IpAddr, Ipv4Addr, Ipv6Addr},
     path::PathBuf,
 };
@@ -14,7 +15,7 @@ use http::HeaderMap;
 use rustls_pemfile as pemfile;
 
 use crate::{
-    args::{CliArgs, MediaType},
+    args::{parse_auth, CliArgs, MediaType},
     auth::RequiredAuth,
     file_upload::sanitize_path,
     renderer::ThemeSlug,
@@ -164,6 +165,17 @@ impl MiniserveConfig {
             _ => "".to_owned(),
         };
 
+        let mut auth = args.auth;
+
+        if let Some(path) = args.auth_file {
+            let file = File::open(path)?;
+            let lines = BufReader::new(file).lines();
+
+            for line in lines {
+                auth.push(parse_auth(line?.as_str())?);
+            }
+        }
+
         // Generate some random routes for the favicon and css so that they are very unlikely to conflict with
         // real files.
         // If --random-route is enabled , in order to not leak the random generated route, we must not use it
@@ -246,7 +258,7 @@ impl MiniserveConfig {
             path: args.path.unwrap_or_else(|| PathBuf::from(".")),
             port,
             interfaces,
-            auth: args.auth,
+            auth,
             path_explicitly_chosen,
             no_symlinks: args.no_symlinks,
             show_hidden: args.hidden,