Change the otomi-admin password

This how to provides step-by-step instructions to reset the otomi-admin password.

Prerequisites:

  • You must have access to the Keycloak admin console
  • Docker needs to be installed and configured
  • SOPS should be set up with Age encryption (default in LKE)

Change the password

Step 1: Generate a new password

# Generate a random 16-character alphanumeric password
head /dev/urandom | LC_ALL=C tr -dc A-Za-z0-9 | head -c 16
# Example output: FPpLvZyAdAmuzc3N

Step 2: Change admin password in Keycloak

  1. Go to platform view and click secrets

  2. Log in to Keycloak as the otomi-admin user.

  3. Go to Users in the left-hand sidebar and find the otomi-admin user.

  4. Navigate to the Credentials tab.

  5. Change the password to the one you generated.

  6. Save changes (set Temporary to Disabled).

📘

Don’t make any other changes during this operation.

Step 3: Change admin password in via platform web interface

  1. Select platform view and choose secrets

  2. Click 'Otomi-Secrets'

  3. Click the lock icon at the adminPassword property

  4. Set new password

  5. Click the Save Changes button

Step 4: Apply the Changes

  1. Wait until the SealedSecret is synced

  2. After the pipeline completes, restart the otomi-api and apl-keycloak-operator to ensure it applies the new credentials.

    kubectl rollout restart deployment -n otomi otomi-api
    kubectl rollout restart deployment -n apl-keycloak-operator apl-keycloak-operator
  3. Verify that the platform is working as expected with the new credentials.

This completes the password reset process for otomi-admin.


Did this page help you?