Question: change default password #545

Open
thoefkens opened this issue Feb 28, 2025 · 1 comment
Comments

@thoefkens

Hi all,

what is the best way to change the default "secret" password for the restheart admin?

Can we write to the collection directly or do we have to go via the REST api or is there some other means of initializing the restheart user collection with a predefined set of users/admins - what is your recommended approach?

thanks
Thomas

@ujibang
Contributor

ujibang commented Feb 28, 2025

1 Via configuration at first startup

You can set the configuration option /mongoRealmAuthenticator/create-user-document. This is used to create the admin user on the very first startup:

Looking in the configuration, you find this comment:

  # create-user-document.password must be hashed when bcrypt-hashed-password=true
  # default password is 'secret'
  # see https://bcrypt-generator.com but replace initial '$2y' with '$2a'

The following configuration override defines the password to be supersecret:

RHO='/mongoRealmAuthenticator/create-user-document->{"_id": "admin", "password": "$2a$12$HjQZAOoW0q9SB0xgMy362O8.d.Ve.ywJm7M0c0c9h7qmmq25gBv.m", "roles": ["admin"]}'

2 Using the REST API

You can also update it using the REST API. In this case just send the plain password, RESTHeart will encrypt it automatically.

With curl you can:

$ curl -u admin:secret -X PATCH localhost:8080/users/admin -H "Content-Type: application/json" -d '{ "password": "my-strong-password" }'

More info at https://restheart.org/docs/security/user-management

3 Writing to the collection directly

Finally, you can update the admin document, setting the password. In this case you need to bcrypt it.
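
The following helper is an added example for this thread, not code from RESTHeart or from either participant. It ties options 1 and 2 together: it validates that what goes into `create-user-document.password` really is a bcrypt hash (catching a plain-text password left in place while `bcrypt-hashed-password=true`), rewrites a `$2y`/`$2b` prefix to the `$2a` the config comment asks for, builds the `RHO` override with correct shell quoting, and produces the `curl` PATCH for the REST API. The function names, `MIN_COST` and the default base URL are my own assumptions; the hash in `EXAMPLE_HASH` is the one quoted in the comment above (`supersecret`, cost 12). Hashing locally via `hash_password` assumes the `bcrypt` package is installed.

```python
"""Prepare a non-default RESTHeart admin credential for options 1 and 2 above.

Added example, not RESTHeart code. Assumptions: the helper names, MIN_COST
and the default base URL are mine; EXAMPLE_HASH is the bcrypt hash quoted
in the comment above (password 'supersecret', cost 12).
"""
import json
import re
import shlex

# Canonical bcrypt layout: $2<a|b|y>$<2-digit cost>$<22-char salt + 31-char digest>
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: refuse work factors cheaper than this

# Hash quoted in the comment above (bcrypt of 'supersecret', cost 12)
EXAMPLE_HASH = "$2a$12$HjQZAOoW0q9SB0xgMy362O8.d.Ve.ywJm7M0c0c9h7qmmq25gBv.m"


def is_bcrypt_hash(value: str) -> bool:
    """True only for a complete bcrypt string; a plain-text password fails."""
    return BCRYPT_RE.match(value) is not None


def normalize_bcrypt(value: str) -> str:
    """Validate a bcrypt string and rewrite the $2y/$2b prefix to $2a.

    The config comment asks for $2a. $2a, $2b and $2y produce the same digest
    for ordinary-length passwords, so only the prefix changes. Raises
    ValueError for anything that is not a bcrypt hash, which catches the
    common mistake of leaving the password in plain text while
    bcrypt-hashed-password=true.
    """
    m = BCRYPT_RE.match(value)
    if m is None:
        raise ValueError(
            "create-user-document.password must be a bcrypt hash "
            "when bcrypt-hashed-password=true"
        )
    if int(m.group(1)) < MIN_COST:
        raise ValueError(f"bcrypt cost {m.group(1)} is below {MIN_COST}")
    return "$2a$" + value[4:]


def hash_password(plain: str, cost: int = 12) -> str:
    """Hash locally with the bcrypt package (assumed installed: pip install
    bcrypt) instead of pasting the password into a website."""
    import bcrypt  # imported here so the rest of the module stays stdlib-only

    digest = bcrypt.hashpw(plain.encode("utf-8"), bcrypt.gensalt(rounds=cost))
    return normalize_bcrypt(digest.decode("ascii"))


def create_user_document(user_id: str, bcrypt_hash: str, roles=("admin",)) -> dict:
    """Document for /mongoRealmAuthenticator/create-user-document (option 1)."""
    return {"_id": user_id, "password": normalize_bcrypt(bcrypt_hash), "roles": list(roles)}


def rho_override(doc: dict) -> str:
    """The RHO override value: <config path>-><json document>."""
    return "/mongoRealmAuthenticator/create-user-document->" + json.dumps(doc)


def rho_env_line(doc: dict) -> str:
    """Shell assignment for RHO. shlex.quote single-quotes the value, which
    matters: inside double quotes the shell would expand '$12' in the hash."""
    return "RHO=" + shlex.quote(rho_override(doc))


def rest_patch_command(user_id: str, new_password: str, current_password: str = "secret",
                       base_url: str = "http://localhost:8080") -> list:
    """argv for option 2: send the plain password, RESTHeart hashes it server
    side. Pass to subprocess.run as a list so nothing is re-parsed by a shell."""
    body = json.dumps({"password": new_password})
    return [
        "curl", "-u", f"{user_id}:{current_password}", "-X", "PATCH",
        f"{base_url}/users/{user_id}",
        "-H", "Content-Type: application/json", "-d", body,
    ]


if __name__ == "__main__":
    doc = create_user_document("admin", EXAMPLE_HASH)
    print(rho_env_line(doc))
    print(shlex.join(rest_patch_command("admin", "my-strong-password")))
```

For option 3 the same `normalize_bcrypt` output is what you would write into the `password` field of the admin document. Note that `-u admin:secret` on the curl command line is visible to other local users in the process list; for anything beyond a one-off on a workstation, put the credential in a `.netrc` file or a config file curl reads instead.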
