Skip to content

Make users change default admin passwords and secrets for production deployments #1333

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Make users change default admin passwords and secrets for production deployments #1333

wants to merge 7 commits into from

Conversation

@Nayana-R-Gowda
Copy link
Collaborator

Signed-off-by: NAYANAR nayana.r5@ibm.com

🐛 Bug-fix PR

📌 Summary

What problem does this PR fix and why?
Make users change default admin passwords and secrets for production deployments

🧪 Verification

Check Command Status
Lint suite make lint pass
Unit tests make test pass

📐 MCP Compliance (if relevant)

  • Matches current MCP spec
  • No breaking change to MCP clients

✅ Checklist

  • Code formatted (make black isort pre-commit)
  • No secrets/credentials committed

@NAYANAR0502
Make users change default admin passwords and secrets for production …
055ad7d 
…deployments

Signed-off-by: NAYANAR <nayana.r5@ibm.com>
@NAYANAR0502
ruff fix
3f84b92 
Signed-off-by: NAYANAR <nayana.r5@ibm.com>
@NAYANAR0502
ruff check
5974cf5 
Signed-off-by: NAYANAR <nayana.r5@ibm.com>
@jonpspri
Copy link
Contributor

I just plowed through a whole bunch of passwords and other secrets in config.py that were not using SecretStr, so you may want to look at #1330 and rebase or integrate to it, perhaps with SecretStr conditional logic.

@NAYANAR0502
Creates a temporary echo script, starts it via StdIOEndpoint with a s…
25284b7 
…afe environment, sends input, and ensures proper cleanup

Signed-off-by: NAYANAR <nayana.r5@ibm.com>
@NAYANAR0502
# nosec B105 tells Bandit to ignore this line during its security sca…
1acadb9 
…n for the “hardcoded password string” rule

Signed-off-by: NAYANAR <nayana.r5@ibm.com>
@NAYANAR0502
Trim Trailing Whitespace
6349a24 
Signed-off-by: NAYANAR <nayana.r5@ibm.com>
@NAYANAR0502
make server_fastmcp.py executable (chmod +x) if it’s a runnable scrip…
284975e 
…t, or remove its shebang

Signed-off-by: NAYANAR <nayana.r5@ibm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@crivetimihai crivetimihai Awaiting requested review from crivetimihai crivetimihai is a code owner

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Nayana-R-Gowda @jonpspri @NAYANAR0502