Re: [keycloak-user] Securely setting admin passwords
You can create the file in some "safe" environment (your laptop) and
then share the file with docker via volume and copy to the
standalone/configuration of the server? The created JSON file doesn't
contain password in plain text, but it's encoded.
Also the "add-user.sh" script doesn't need server to be running.
Finally, uf you don't need automated way, you can set it manually after
first startup when going to http://localhost:8080/auth
Marek
On 17/02/16 17:09, Aikeaguinea wrote:
It seems the add-user.sh script for changing the admin password
only
accepts the password as a -p command-line parameter. This would expose
the password in the command history, so I'd prefer not to use the
command in its current form.
Is there another way to do this?
The situation is even more complicated with Docker, since running the
script to change the Wildfly admin password requires restarting the
server, which shuts down the container. If you have an autoscaling
group, the container that gets brought up is not the container where you
changed the password, but instead the original container. This seems to
mean that the only way to have Keycloak run in Dockers in an autoscaling
group is to bake the admin passwords into the Docker image beforehand.
This isn't ideal; less so if the only way to add those passwords during
build time is to run the shell script that exposes the password on the
command line.