diff --git a/scripts/kubernetes/create-basic-auth.sh b/scripts/kubernetes/create-basic-auth.sh
new file mode 100755
index 0000000..e1ebc7f
--- /dev/null
+++ b/scripts/kubernetes/create-basic-auth.sh
@@ -0,0 +1,111 @@
+#!/bin/bash
+
+
+# Usage:
+# ./create-basic-auth.sh -u USERNAME -p PASSWORD -n NAME [-s NAMESPACE] [-o OUTPUT_FILE]
+
+# Examples:
+# Output to stdout
+# ./create-basic-auth.sh -u admin -p mysecret -n myapp
+
+# Save to file with custom namespace
+# ./create-basic-auth.sh -u admin -p mysecret -n myapp -s production -o basic-auth.yaml
+
+# Generated output includes:
+# 1. A Secret containing the htpasswd-formatted credentials (apr1 hash)
+# 2. A Middleware resource referencing that secret
+
+# To use the middleware in an IngressRoute:
+# apiVersion: traefik.io/v1alpha1
+# kind: IngressRoute
+# metadata:
+# name: myapp
+# spec:
+# routes:
+#     - match: Host(`example.com`)
+#     middlewares:
+#         - name: myapp-basic-auth
+#     services:
+#         - name: myapp
+#         port: 80
+
+set -e
+
+# Default values
+NAMESPACE="default"
+OUTPUT_FILE=""
+
+usage() {
+    echo "Usage: $0 -u USERNAME -p PASSWORD -n NAME [-s NAMESPACE] [-o OUTPUT_FILE]"
+    echo ""
+    echo "Creates a Traefik BasicAuth middleware YAML with Secret"
+    echo ""
+    echo "Required:"
+    echo "  -u USERNAME    Username for basic auth"
+    echo "  -p PASSWORD    Password for basic auth"
+    echo "  -n NAME        Name for the middleware and secret"
+    echo ""
+    echo "Optional:"
+    echo "  -s NAMESPACE   Kubernetes namespace (default: default)"
+    echo "  -o OUTPUT_FILE Output file path (default: stdout)"
+    echo "  -h             Show this help message"
+    exit 1
+}
+
+# Parse arguments
+while getopts "u:p:n:s:o:h" opt; do
+    case $opt in
+        u) USERNAME="$OPTARG" ;;
+        p) PASSWORD="$OPTARG" ;;
+        n) NAME="$OPTARG" ;;
+        s) NAMESPACE="$OPTARG" ;;
+        o) OUTPUT_FILE="$OPTARG" ;;
+        h) usage ;;
+        *) usage ;;
+    esac
+done
+
+# Validate required arguments
+if [[ -z "$USERNAME" || -z "$PASSWORD" || -z "$NAME" ]]; then
+    echo "Error: Username, password, and name are required"
+    usage
+fi
+
+# Generate htpasswd string (using openssl for bcrypt-like hash)
+# Traefik accepts apr1 (Apache MD5) format
+HTPASSWD=$(printf '%s' "$PASSWORD" | openssl passwd -apr1 -stdin)
+CREDENTIALS="${USERNAME}:${HTPASSWD}"
+
+# Base64 encode the credentials for the secret
+CREDENTIALS_B64=$(echo -n "$CREDENTIALS" | base64)
+
+# Generate the YAML
+YAML_CONTENT=$(cat <<EOF
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: ${NAME}-basic-auth
+  namespace: ${NAMESPACE}
+type: Opaque
+data:
+  users: ${CREDENTIALS_B64}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: ${NAME}-basic-auth
+  namespace: ${NAMESPACE}
+spec:
+  basicAuth:
+    secret: ${NAME}-basic-auth
+EOF
+)
+
+# Output
+if [[ -n "$OUTPUT_FILE" ]]; then
+    echo "$YAML_CONTENT" > "$OUTPUT_FILE"
+    echo "YAML written to: $OUTPUT_FILE"
+else
+    echo "$YAML_CONTENT"
+fi