arcadedb icon indicating copy to clipboard operation
arcadedb copied to clipboard
verified publisher icon ArcadeData

Changing arcadedb.server.rootPassword after root account was created should probably update the password

Open ExtReMLapin opened this issue 9 months ago • 7 comments

Title, long story short, if you use JAVA_OPTS="-Darcadedb.server.rootPassword=rootroot on the first arcade boot, it will not ask the password in stdin, but if you change it (in the ENV vars), it will not use the new given password

ExtReMLapin avatar Mar 12 '25 15:03 ExtReMLapin

Exact usage is the following :

We're releasing our tool using docker, outside of the docker image, there is a config.ini file that decides what is the admin password (yes, hardcoded)

We want arcadedb to read this password and change it everytime the docker instance is started, and to do so we need to allow root password to be changed using env variables

ExtReMLapin avatar Mar 12 '25 15:03 ExtReMLapin

Hi, so one way to do this is to use the server.rootPasswordPath setting, which points to a file containing the password. For example with Docker Compose you can pass a secret as mounted file (under /run/secrets) and the containered program can read the password from there, in this case ArcadeDB.

gramian avatar Mar 12 '25 15:03 gramian

Thanks for the answer @gramian but reading the code : server.rootPasswordPath is saved to GlobalConfiguration.SERVER_ROOT_PASSWORD_PATH which is only used inside askForRootPassword ... which is only called when root account does not exist.

However I understand I should update the PR to take this alternative root password assignation way

Edit : christ, when I type in english on github issues i forget 1/5th of the words 💀

ExtReMLapin avatar Mar 12 '25 15:03 ExtReMLapin

... which is only called when root account does not exist.

Isn't that the point? So you provide a generic ArcadeDB image which is on every instantiation specialized with the provided secret.

gramian avatar Mar 12 '25 16:03 gramian

I could be not correctly understanding what you mean. I provide an image with ArcadeDB and my application. Data is stored outside of the image, including databases of arcadedb, server-users.jsonl and a config.ini file that will let the user choose the password of arcadedb so he can connect to it however he want and change the password even after the first arcadedb boot.

I could be using server.rootPasswordPath or server.rootPassword it doesn't change anything because it's only used on first boot.

I want to be able to change the password on the fly, maybe not at runtime but on next boot.

ExtReMLapin avatar Mar 12 '25 16:03 ExtReMLapin

Hmm, so but you only want to alter the root password as I understand you(?). You could delete the line for the root user from the external server-users.jsonl file and let the root user be created every time when the image is started (with the provided secret as above), couldn't you? Sorry if I don't grasp the your problem here.

gramian avatar Mar 12 '25 16:03 gramian

Hmm, so but you only want to alter the root password as I understand you(?). You could delete the line for the root user from the external server-users.jsonl file and let the root user be created every time when the image is started (with the provided secret as above), couldn't you? Sorry if I don't grasp the your problem here.

Yes this could also works. I didn't think about that 🤷‍♂

ExtReMLapin avatar Mar 12 '25 16:03 ExtReMLapin