Securing Starter Deployments
You should enable authentication for deployments you create with the ArangoDB Starter before starting them for the first time.
The password that is set for the root user during the installation of the ArangoDB package has no effect on deployments created with the ArangoDB Starter, because the Starter creates new database directories and configuration files that are separate from those created by the stand-alone installation.
Assuming you have enabled authentication in your Starter deployment (using --auth.jwt-secret=<secret-file>), by default the root user will be created with an empty password.
In order to change the password of the root user, you can:
- Open the ArangoDB web interface and change the password from there.
- Open arangosh and use the users.replace() function.
In case you would like to automate the root password change, you might use the --javascript.execute-string option of the arangosh binary, e.g.:
arangosh --server.endpoint your-server-endpoint \
--server.password "" \
--javascript.execute-string 'require("@arangodb/users").update("root", "mypwd");'
where “mypwd” is the new password you want to set.
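As an added example (not part of the ArangoDB documentation), the wrapper below reads the new password from a file and escapes it before building the --javascript.execute-string snippet, so a password containing quotes or backslashes cannot break or alter the statement. The function names, the password-file convention and the --apply switch are assumptions of this example; the arangosh options are the ones shown above.

```shell
#!/bin/sh
# Added example: rotate the empty default root password of a fresh Starter deployment.
# Function names, the password file and the --apply switch are illustrative assumptions.

# Escape a value for use inside a double-quoted JavaScript string literal.
# Fails on control characters (including newlines) instead of trying to encode them.
js_escape() {
    clean=$(printf '%s' "$1" | tr -d '[:cntrl:]')
    [ "$clean" = "$1" ] || return 1
    # Backslashes first, then double quotes.
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the statement passed to --javascript.execute-string.
# Refuses an empty new password, which would leave root as unprotected as before.
build_snippet() {
    [ -n "$1" ] || return 1
    escaped=$(js_escape "$1") || return 1
    printf 'require("@arangodb/users").update("root", "%s");' "$escaped"
}

# Usage: rotate_root_password <endpoint> <file-containing-new-password>
rotate_root_password() {
    endpoint=$1
    pwfile=$2
    new_pw=$(cat "$pwfile") || return 1
    snippet=$(build_snippet "$new_pw") || {
        echo "new password is empty or contains control characters" >&2
        return 1
    }
    # The current password is still the empty default at this point.
    arangosh --server.endpoint "$endpoint" \
        --server.password "" \
        --javascript.execute-string "$snippet"
}

# Contacts the server only when explicitly asked to:
#   sh rotate-root.sh --apply <endpoint> <password-file>
if [ "${1:-}" = "--apply" ]; then
    rotate_root_password "$2" "$3"
fi
```

The snippet is still handed to arangosh as a command-line argument, so the new password is visible in the process list while the command runs; run it on a host where other local users cannot inspect processes.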
If your Starter deployment has authentication turned off, it is suggested to turn it on using a JWT secret file. For more information on this topic, please refer to the Starter Option page.
Note that you cannot easily turn authentication on/off once your deployment
has started for the first time. It is possible to stop all Starters and then
manually modify all the arangod.conf files in your data directory, but this is not recommended.