Securing Starter Deployments
The password that is set for the root user during the installation of the ArangoDBpackage has no effect in case of deployments done with the tool ArangoDB Starter,as this tool creates new database directories and configuration files that areseparate from those created by the stand-alone installation.
Assuming you have enabled authentication in your Starter deployment (using —auth.jwt-secret=<secret-file>
), by defaultthe root user will be created with an empty password.
In order to the change the password of the root user, you can:
- Open the ArangoDB web UI and change the password from there. More information.
- Open an ArangoSH shell and use the function users.replace. More information.
In case you would like to automate the root password change, you might use the —javascript.execute-string option of the arangosh binary, e.g.:
arangosh --server.endpoint your-server-endpoint \
--server.password "" \
--javascript.execute-string 'require("org/arangodb/users").update("root", "mypwd");'
where “mypwd” is the new password you want to set.
If your Starter deployment has authentication turned off, it is suggested toturn it on using a JWT secret file. For more information on this topic, pleaserefer to the StarterOption page.
Note that you cannot easily turn authentication on/off once your deploymenthas started for the first time. It is possible to stop all Starters and thenmanually modify all the arangod.conf
files in yor data directory, but this is not recommended.