What is the default admin password when installing via helm chart?

[sbuvaneshkumar]

I was able to install infisical via helm chart as described in https://github.com/Infisical/infisical/blob/main/docs/self-hosting/deployments/kubernetes.mdx.
However, there is no info regarding the default username/ password to login in the UI.
What is the default username/password to login in the UI?

[vmatsiiako]

Hi @sbuvaneshkumar! Unfortunately, we don't have a default username/password to login to the UI. Though I think that would be very useful, feel free to send a PR for that.

Also, you should join our Slack for users where we answer all of the questions within a couple minutes. Here is the link: https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g

[jessebot]

This would be a great feature! Are there cli commands we can run in perhaps an init container or init job? I could submit a PR if that's all that's needed.

I just checked and there's no way via the cli and your AI chat bot doesn't know either. All of your cli and SDKs are geared towards creating secrets, but nothing can create a user and so I can't create an initial user, which means I can't use infisical as a secrets management tool when bootstrapping a new cluster, because it doesn't have a user, so I can't automate creating the secrets for it to distribute to other apps. I'd need to use selenium to create a user in the middle of the automation init script to create a user so that I could start creating secrets. There has to be a way to do this, as you can create users, but there's no documentation on how you do that outside of the signups ui... I'll keep searching...

Update

I found where you set up a test user here: https://github.com/Infisical/infisical/blob/main/backend/src/utils/addDevelopmentUser.ts

I don't know how I would create something like this for an admin user though this is a popularly requested feature and I'd like to help, but it seems like your development team would need to take a look at this, as it's not trivial to add. Why do you allow disabling signups if you can't create an admin user to then create secrets and invites? Is there a way to create an invite that I'm missing or a way to automatically approve new users from certain domains or email addresses? If we can create an invite and then manually verify the email address on the cli in the container, I can write that code, but I'm just not sure where to start. Do you have a diagram illustrating your user creation flow anywhere?

Update 2

I found this issue where signs up being disabled after the first user account was implemented:
#421

But you still have to manually create a user account through the UI, which means anyone could create a user through the UI initially if they got to it before you did... is that secure? This opens up the UI to be used by anyone initially and still prevents proper IaC automation. The way mongodb, postgres, redis, argocd, nextcloud, etc do initial users is to have an initial admin user you can setup via the container env vars or an init container.

Update 3

It looks like @cloudymax created a proper issue, #873, for just the admin user, as this issue only refers to the password of the initial user. As far as the initial password, I think that should be either auto-generated and placed in a k8s secret for the user to grab after it's creation, or it could be set via an env variable.

[Salman2301]

Is anyone working on this?

[jessebot]

Last update was here: #874 (comment)