agent icon indicating copy to clipboard operation
agent copied to clipboard
verified publisher icon kerberos-io

Issue: Environment Variables Ignored in Kerberos Agent Container via Portainer and user.json

Open AlexeyBoiler opened this issue 3 months ago • 3 comments

Description: When deploying the kerberos/agent container through Portainer and specifying environment variables (e.g., AGENT_USERNAME, AGENT_PASSWORD, AGENT_TIMEZONE) via the environment section or an .env file, the container still starts with default credentials and settings, ignoring the provided variables.

Observed Behavior: • Even with a fresh volume or after deleting the previous configuration files, the container continues to use the default username/password. • Adding environment variables in Portainer or via docker-compose.yml does not change the initial credentials.

Cause: • The Kerberos Agent image initializes its configuration only during the first container startup. • If the image includes a default init process that sets credentials, it may ignore environment variables and write the default values to the configuration file before reading the provided env vars. • Once the configuration file exists (even in a fresh volume, depending on image behavior), env vars are no longer applied.

Implications: • Environment variables for username, password, and timezone are effectively ignored unless the container image explicitly supports applying them at runtime. • Simply creating a new container or volume is insufficient to enforce new credentials.

AlexeyBoiler avatar Sep 02 '25 11:09 AlexeyBoiler

  1. Deploy kerberos/agent via Docker Compose or Portainer.
  2. Specify environment variables:

{ "bootstrapped": true, "username": "myuser", "password": "mypassword", "role": "admin", "language": "en" }

  1. Start the container with a fresh volume.
  2. Check the web interface → username/password remain default (admin).
  3. Edit user.json inside the volume to change the username/password.
  4. Restart the container → changes are lost; default credentials are restored.

Expected Behavior • Environment variables should set the container’s username/password on first start. • Manual edits to user.json should persist after container restarts.

Actual Behavior • Environment variables for username/password are ignored after first init. • Manual edits to user.json are overwritten on restart.

AlexeyBoiler avatar Sep 02 '25 11:09 AlexeyBoiler

Thank you for reporting! We will look into this.

KilianBoute avatar Sep 02 '25 12:09 KilianBoute

Thanks @AlexeyBoiler for the additional information. As suggested by @KilianBoute we will look into it.

cedricve avatar Sep 02 '25 12:09 cedricve