What is a secure way of creating a new admin? #2724
apkatsikas
started this conversation in
General
Replies: 1 comment 1 reply
-
Thanks for the nice words! Almost all config options can be used as environment variables, so you could start Navidrome for the first time using the following command:
After it creates the password (you can see from the logs), you just ^C and start it the normal way. Hope this helps. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi!
Really impressed with this project and playing around a bit today installing from source.
I understand I can create a new admin through the web UI on first launch, and while it is unlikely I would have any "competition", it seems if I am publicly exposing the service, that anyone else could be first-to-register.
The
DevAutoCreateAdminPassword = "password"
option is nice but has the issue of plain text storing the password on disk. Maybe there is an option to run it as a command line flag which could be a more secure option?I attempted replacing the db file with a pre-configured one but that did not seem to work, and it appears you really need a migration script to do that - #2545
Is there a preferred way of doing this that would be optimal from a security perspective?
Beta Was this translation helpful? Give feedback.
All reactions