Change system passwords

This topic describes how to change the encryption key password and the admin user’s password.

Additional admin user recommendation

If you have forgotten the password for the built-in admin user and you do not have the password for another user with the admin global permission, then you cannot authenticate with the Deploy server to change the admin password. It is strongly recommended that you create at least one additional user with the admin permission to prevent this situation.

Change the encryption key password

Passwords that are stored in the repository are encrypted with an encryption key that is stored in a keystore file called XL_DEPLOY_SERVER_HOME/conf/repository-keystore.jceks. For additional security, you can optionally protect the keystore file with a password. If a password is set, you need to enter it when the Deploy server starts.

Note: repository-keystore.jceks is one of two keystore concepts in Deploy. This keystore only contains the key used for encryption of passwords in the repository. If you use HTTPS, Deploy will use a second keystore file to store the self-signed certificate.

To change the keystore password, you can use the keytool utility that is provided with the Java JDK distribution:

keytool -storepasswd -keystore conf/repository-keystore.jceks -storetype jceks

The keytool utility will not read or set passwords that are shorter than 6 characters. If you want to change a keystore with an empty or short password, use KeyStore Explorer.

Change the admin user’s password

Deploy’s built-in admin user has administrative permissions. You set the admin password when you install Deploy. To change the admin password:

  1. Ensure that the Deploy server is running.
  2. Start the Deploy command-line interface (CLI) as the admin user or as another user with the admin global permission.
  3. Execute the following commands:

    adminUser = security.readUser('admin')
    adminUser.password = 'newpassword'
  4. Stop the Deploy server.
  5. In the XL_DEPLOY_SERVER_HOME/conf/deployit.conf file, set admin.password to the new password. Deploy will encrypt this password when it starts.
  6. Start the Deploy server.
  7. Test the credentials by executing the following command in the CLI:

    security.login('admin', 'newpassword')