[keycloak-user] Securely setting admin passwords
Marek Posolda
mposolda at redhat.com
Wed Feb 17 15:52:57 EST 2016
You can create the file in some "safe" environment (your laptop) and
then share the file with docker via volume and copy to the
standalone/configuration of the server? The created JSON file doesn't
contain the password in plain text, but it's encoded.

Also the "add-user.sh" script doesn't need the server to be running.

Finally, if you don't need an automated way, you can set it manually after
first startup when going to http://localhost:8080/auth

Marek

On 17/02/16 17:09, Aikeaguinea wrote:
> It seems the add-user.sh script for changing the admin password only
> accepts the password as a -p command-line parameter. This would expose
> the password in the command history, so I'd prefer not to use the
> command in its current form.
>
> Is there another way to do this?
>
> The situation is even more complicated with Docker, since running the
> script to change the Wildfly admin password requires restarting the
> server, which shuts down the container. If you have an autoscaling
> group, the container that gets brought up is not the container where you
> changed the password, but instead the original container. This seems to
> mean that the only way to have Keycloak run in Dockers in an autoscaling
> group is to bake the admin passwords into the Docker image beforehand.
> This isn't ideal; less so if the only way to add those passwords during
> build time is to run the shell script that exposes the password on the
> command line.
>
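
A check one could run on the generated file before sharing it through a volume, to confirm it carries only salted hashes and no plaintext password. This is an added example, not part of the original thread or Keycloak's own code; the file layout (a JSON list of realms, each with `users` whose `credentials` entries hold `hashedSaltedValue`, `salt` and `hashIterations`) and the `MIN_ITERATIONS` threshold are assumptions.

```python
import json

# Constructed sample in the layout this example assumes for the file written
# by add-user.sh; every value is made up and is not a real hash.
SAMPLE = """
[ {
  "realm": "master",
  "users": [ {
    "username": "admin",
    "enabled": true,
    "credentials": [ {
      "type": "password",
      "hashedSaltedValue": "Q09OU1RSVUNURUQtSEFTSA==",
      "salt": "Q09OU1RSVUNURUQtU0FMVA==",
      "hashIterations": 100000
    } ]
  } ]
} ]
"""

MIN_ITERATIONS = 10000  # assumed local policy threshold, not a Keycloak default


def audit_add_user_file(text, known_password=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Cheapest check first: the password string must not appear anywhere.
    if known_password and known_password in text:
        findings.append("file contains the plaintext password")
    for realm in json.loads(text):
        for user in realm.get("users", []):
            who = "%s/%s" % (realm.get("realm"), user.get("username"))
            creds = user.get("credentials", [])
            if not creds:
                findings.append(who + ": no credentials entry")
            for cred in creds:
                if "value" in cred:  # a raw, unhashed secret field
                    findings.append(who + ": plaintext 'value' field present")
                if not cred.get("hashedSaltedValue") or not cred.get("salt"):
                    findings.append(who + ": missing hash or salt")
                if cred.get("hashIterations", 0) < MIN_ITERATIONS:
                    findings.append(who + ": iteration count below policy")
    return findings


if __name__ == "__main__":
    for finding in audit_add_user_file(SAMPLE) or ["no findings"]:
        print(finding)
```

A salted hash can still be guessed offline, so the file and the volume that carries it need restrictive permissions even when this check reports nothing.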