Summary
The bootstrap flow persists the initial admin password into config.php and also passes NC_admin_password into the long-lived manager container, even though that container does not need it.
Evidence
configs/installer/nextcloud_config_default.php:33-53 copies NC_admin_password into $CONFIG.configs/installer/nextcloud_config_default.php:81-86 rewrites config.php with that value.compose.yaml:149-150 passes NC_admin_password to installer.compose.yaml:269-270 passes NC_admin_password to manager.
Risk
A one-time bootstrap secret becomes a standing credential on disk and in container metadata. That increases the impact of host access, volume disclosure, backups, or container inspection.
Suggested Remediation
- Do not persist
admin_password into config.php after installation.
- Remove
NC_admin_password from the manager service environment.
- Prefer a one-time bootstrap secret flow or secret mount instead of a long-lived environment variable.
Related
Summary
The bootstrap flow persists the initial admin password into
config.phpand also passesNC_admin_passwordinto the long-livedmanagercontainer, even though that container does not need it.Evidence
configs/installer/nextcloud_config_default.php:33-53copiesNC_admin_passwordinto$CONFIG.configs/installer/nextcloud_config_default.php:81-86rewritesconfig.phpwith that value.compose.yaml:149-150passesNC_admin_passwordtoinstaller.compose.yaml:269-270passesNC_admin_passwordtomanager.Risk
A one-time bootstrap secret becomes a standing credential on disk and in container metadata. That increases the impact of host access, volume disclosure, backups, or container inspection.
Suggested Remediation
admin_passwordintoconfig.phpafter installation.NC_admin_passwordfrom themanagerservice environment.Related
occ maintenance:installwrites wrong config into theconfig.phpfile #12