Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace admin:admin default credentials with environment variable password #3286

Closed
5 tasks
stephen-crawford opened this issue Sep 1, 2023 · 2 comments
Closed
5 tasks

Replace admin:admin default credentials with environment variable password #3286

stephen-crawford opened this issue Sep 1, 2023 · 2 comments
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@stephen-crawford
Copy link
Contributor

stephen-crawford commented Sep 1, 2023
edited
Loading

This issue describes the tasks required to replace the basic admin:admin default credentials with an alternative method which takes a provided password from a defined environment variable. This issue results from https://github.com/OpenSearch-Security/OpenSearch-Security/issues/3. It is a twin issue to #3285.

The tasks required to complete this include:

  • Update documentation on how to set environment variable (2 hours)
  • Add code to parse the environment variable on launch (3 hours)
  • Reconcile configuration issues for multi-node clusters (1 day)
  • Make sure nodes sync admin credentials in config to match the env. variable (1 day)
  • Mark cluster after first password use (1 day) *

This issue can be closed when all of the listed tasks are completed.

  • Note: @peternied noted that we may not need to mark the cluster. However, I am still not sure. From what I was thinking, the issue with not marking the cluster in some way is that we want to be able to change the password like normal afterwards. If we provide a password <MY_DEFAULT>, we want to be able to then swap the admin password to <NEW_PASSWORD> as normal. If we are not marking the cluster in someway or wiping the variable, then we will be resetting the password to the password in the environment. This should be addressed during the PR(s) making these changes.
@stephen-crawford stephen-crawford added enhancement New feature or request untriaged Require the attention of the repository maintainers and may need to be prioritized labels Sep 1, 2023
@davidlago davidlago mentioned this issue Sep 8, 2023
Closed
5 tasks
@stephen-crawford
Copy link
Contributor Author

[Triage] This is a follow-up to the existing issue: #3285. Going to mark triaged given the prior interest in completing the issue.

@stephen-crawford stephen-crawford added triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. and removed untriaged Require the attention of the repository maintainers and may need to be prioritized labels Sep 11, 2023
@peternied
Copy link
Member

Change #3329 also resolves this issue

@DarshitChanpura DarshitChanpura mentioned this issue Oct 27, 2023
Closed
23 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peternied @stephen-crawford