Add default admin password to Kubernetes secrets#113
Conversation
Add admin credentials secret creation with default password 'Password12345' for initial setup. Changes include: - New standalone script (create-admin-secret.sh) for creating admin credentials - Updated local-deploy-kubectl.sh to create streamspace-admin-credentials secret - Added ADMIN_PASSWORD environment variable to API deployment The secret uses the expected format: - Secret name: streamspace-admin-credentials - Keys: username, password, email Users should change the password after first login.
JoshuaAFerguson
deleted the
claude/add-admin-password-secrets-01P4G8Ks5ixpua866H8ZxVCd
branch
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| # Create admin credentials secret | ||
| if kubectl get secret streamspace-admin-credentials -n "${NAMESPACE}" &> /dev/null; then | ||
| log_warning "Secret streamspace-admin-credentials already exists" | ||
| else | ||
| kubectl create secret generic streamspace-admin-credentials \ | ||
| -n "${NAMESPACE}" \ | ||
| --from-literal=username=admin \ | ||
| --from-literal=password=Password12345 \ | ||
| --from-literal=email=admin@streamspace.local |
There was a problem hiding this comment.
The new secret creation logic provisions streamspace-admin-credentials with the fixed string Password12345 and injects it directly into the API container. Every deployment that runs this script will therefore share the same publicly known admin password until an operator manually changes it, which makes an exposed API trivially compromiseable if that step is skipped. Prefer generating a strong random password (as the Helm chart does) or requiring the caller to provide one before creating the secret so that no installation ships with universal credentials.
Useful? React with 👍 / 👎.
2 participants
Add admin credentials secret creation with default password 'Password12345' for initial setup. Changes include:
The secret uses the expected format:
Users should change the password after first login.