[keycloak-user] Securely setting admin passwords

Stian Thorgersen sthorger at redhat.com
Thu Feb 18 02:15:07 EST 2016


On 17 February 2016 at 17:09, Aikeaguinea <aikeaguinea at xsmail.com> wrote:

> It seems the add-user.sh script for changing the admin password only
> accepts the password as a -p command-line parameter. This would expose
> the password in the command history, so I'd prefer not to use the
> command in its current form.
>

That's a mistake, we'll fix that. If not specified it should prompt for it.
Added https://issues.jboss.org/browse/KEYCLOAK-2501


>
> Is there another way to do this?
>
> The situation is even more complicated with Docker, since running the
> script to change the Wildfly admin password requires restarting the
> server, which shuts down the container. If you have an autoscaling
> group, the container that gets brought up is not the container where you
> changed the password, but instead the original container. This seems to
> mean that the only way to have Keycloak run in Dockers in an autoscaling
> group is to bake the admin passwords into the Docker image beforehand.
> This isn't ideal; less so if the only way to add those passwords during
> build time is to run the shell script that exposes the password on the
> command line.
>

You need to set the password once for your database. This can be done prior
to accessing the admin console the first time. Take a look at
https://github.com/jboss-dockerfiles/keycloak/blob/master/server/README.md,
you can use docker exec to do this.


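The behaviour proposed in the reply above (prompt for the password when -p is not given), as an added shell example. It is not Keycloak's add-user.sh or code from this thread; the function names `read_secret` and `resolve_password` are hypothetical, and only the `-u`/`-p` handling is modelled.

```shell
#!/bin/sh
# Added illustration, not Keycloak's add-user.sh; function names are hypothetical.

# read_secret PROMPT: write the secret to stdout without it ever being in argv.
# Intended to be called inside $(...), so the trap changes stay in that subshell.
read_secret() {
    secret=
    if [ -t 0 ]; then
        # Interactive: prompt on the terminal with echo off, restore on exit/signal.
        saved=$(stty -g)
        trap 'stty "$saved"' EXIT INT TERM
        printf '%s' "$1" > /dev/tty
        stty -echo
        IFS= read -r secret
        stty "$saved"
        trap - EXIT INT TERM
        printf '\n' > /dev/tty
    else
        # Non-interactive (pipe, file, secret store): first line of stdin.
        IFS= read -r secret || [ -n "$secret" ]
    fi
    printf '%s' "$secret"
}

# resolve_password "$@": use -p if it was given, otherwise prompt or read stdin.
resolve_password() {
    password=
    have_p=0
    while [ $# -gt 0 ]; do
        case $1 in
            -p) have_p=1; password=${2-}; [ $# -lt 2 ] || shift ;;
            -u) [ $# -lt 2 ] || shift ;;   # username value, not needed here
        esac
        shift
    done
    if [ "$have_p" -eq 1 ]; then
        echo 'warning: -p leaves the password in shell history' >&2
    else
        password=$(read_secret 'Password: ')
    fi
    printf '%s' "$password"
}
```
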