Securing Starter Deployments
The password that is set for the root user during the installation of the ArangoDB package has no effect in case of deployments done with the tool ArangoDB Starter, as this tool creates new database directories and configuration files that are separate from those created by the stand-alone installation.
Assuming you have enabled authentication in your Starter deployment (using
--auth.jwt-secret=<secret-file>), by default
the root user will be created with an empty password.
In order to the change the password of the root user, you can:
- Open the ArangoDB web interface and change the password from there. More information.
- Open an ArangoSH shell and use the function users.replace. More information.
where “mypwd” is the new password you want to set.
If your Starter deployment has authentication turned off, it is suggested to turn it on using a JWT secret file. For more information on this topic, please refer to the Starter Option page.
Note that you cannot easily turn authentication on/off once your deployment
has started for the first time. It is possible to stop all Starters and then
manually modify all the
arangod.conf files in yor data directory, but this is not recommended.