Re: [keycloak-user] Securely setting admin passwords

On 17 February 2016 at 17:09, Aikeaguinea <aikeaguinea(a)xsmail.com <mailto:aikeaguinea@xsmail.com>> wrote: It seems the add-user.sh script for changing the admin password only accepts the password as a -p command-line parameter. This would expose the password in the command history, so I'd prefer not to use the command in its current form. That's a mistake we'll fix that. If not specified it should prompt for it. Added https://issues.jboss.org/browse/KEYCLOAK-2501

Is there another way to do this? The situation is even more complicated with Docker, since running the script to change the Wildfly admin password requires restarting the server, which shuts down the container. If you have an autoscaling group, the container that gets brought up is not the container where you changed the password, but instead the original container. This seems to mean that the only way to have Keycloak run in Dockers in an autoscaling group is to bake the admin passwords into the Docker image beforehand. This isn't ideal; less so if the only way to add those passwords during build time is to run the shell script that exposes the password on the command line. You need to set the password once for your database. This can be done prior to accessing the admin console the first time. Take a look at https://github.com/jboss-dockerfiles/keycloak/blob/master/server/README.md, you can use docker exec to do this. -- http://www.fastmail.com - Access your email from home and the web _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user