How do you set the admin password for an install

I was not able to set the initial password. I tried setting the cfadmin password (New Server build), then coping the hash to a new server then restarting. This would not work. Because of this, I could not use use build automation or auto scaling (Elastic Beanstalk). I assume that eventually that someone would add a “set password” in the cli installl script or create a method to set the password hash. All the best…

– Billy Dale

How are you installing Lucee? Is it a Docker container or something else?

If it is Docker, can you post your Dockerfile?

Did you copy the salt as well? The password hash is based on that. Also check out CFConfig which allows you to script a password with a single line:

box cfconfig set adminPassword=myPass 

Ended up doing a sed replace to set the password in the container.

run sed -i 's/<cfLuceeConfiguration.*>/<cfLuceeConfiguration hspw="xxxx" salt="xxxx" version="5.2">/g' /opt/lucee/server/lucee-server/context/lucee-server.xml
run sed -i 's/<cfLuceeConfiguration.*>/<cfLuceeConfiguration hspw="xxxx" salt="xxxx" version="5.2">/g' /opt/lucee/web/lucee-web.xml.cfm

Does any know the exact algorithm used to generate the password and salt. I would like to generate this with codebuild/“parameter store” and inject to the container during the build.

Sounds like a lot more work instead of just using a tool like CFConfig that also can automate nearly every other setting in your admin.

Does any know the exact algorithm used to generate the password and salt

CFConfig does :slight_smile: Did you look at the code for CFConfig? I’ll give you a push in the right direction:

Check out the source code repo for that package. It is what CFConfig uses.

can cfconfig pull passwords from remote secret stores? (or urls?)

CFConfig is a service layer wrapped in a CLI tool, so you can pull the values from anywhere you like. The JSON files it imports can also expand environment variables in-place which matches the standard cloud deployments.

And furthermore, if you’re using CommandBox to start your server (not a requirement for using CFConfig) it will pick up ad-hoc env vars by convention too.

Hi Brad, I think setting adminPassword in commandbox 5.1.0+00186 does not work properly if cfconfigfile is listed in server.json (but other properties, e.g., datasources, do work).

If we set cfconfigfile in server.json, it doesn’t pick up adminPassword. However, if we set it in JSON cfconfigfile or via an environment variable , it seems to be picked up. Furthermore, manually setting in box via cfconfig set adminPassword=blah does not work. cfconfig show adminPassword says it doesnt exist.