Skip to main content

Changing the default user credentials

Default User Credential

The 'datahub' root user is created for you by default. This user is controlled via a user.props file which JaaS Authentication is configured to use:

By default, the credential file looks like this for each and every self-hosted DataHub deployment:

// default user.props
datahub:datahub

Obviously, this is not ideal from a security perspective. It is highly recommended that this file is changed prior to deploying DataHub to production at your organization.

note

Please note that deleting the Data Hub user in the UI WILL NOT disable the default user. You will still be able to log in using the default 'datahub:datahub' credentials. To safely delete the default credentials, please follow the guide provided below.

Changing the default user datahub

Helm chart

You'll need to create a Kubernetes secret, then mount the file as a volume to the datahub-frontend pod.

1. Create a new config file

Create a new version user.props which defines the updated password for the datahub user.

To remove the user 'datahub' from the new file, simply omit the username. Please note that you can also choose to leave the file empty. For example, to change the password for the DataHub root user to 'newpassword', your file would contain the following:

// new user.props
datahub:newpassword

2. Create a kubernetes secret

Create a secret from your local user.props file.

kubectl create secret generic datahub-users-secret --from-file=user.props=./<path-to-your-user.props>

3. Mount the config file

Configure your values.yaml to add the volume to the datahub-frontend container.

datahub-frontend:
...
extraVolumes:
- name: datahub-users
secret:
defaultMode: 0444
secretName: datahub-users-secret
extraVolumeMounts:
- name: datahub-users
mountPath: /datahub-frontend/conf/user.props
subPath: user.props

4. Restart Datahub

Restart the DataHub containers or pods to pick up the new configs. For example, you could run the following command to upgrade the current helm deployment.

helm upgrade datahub datahub/datahub --values <path_to_values.yaml>

Note that if you update the secret you will need to restart the datahub-frontend pods so the changes are reflected. To update the secret in-place you can run something like this.

kubectl create secret generic datahub-users-secret --from-file=user.props=./<path-to-your-user.props> -o yaml --dry-run=client | kubectl apply -f -

Docker-compose

1. Modify a config file

Modify user.props which defines the updated password for the datahub user.

To remove the user 'datahub' from the new file, simply omit the username. Please note that you can also choose to leave the file empty. For example, to change the password for the DataHub root user to 'newpassword', your file would contain the following:

// new user.props
datahub:newpassword

2. Mount the updated config file

Change the docker-compose.yaml to mount an updated user.props file to the following location inside the datahub-frontend-react container using a volume:/datahub-frontend/conf/user.props

  datahub-frontend-react:
...
volumes:
...
- <absolute_path_to_your_custom_user_props_file>:/datahub-frontend/conf/user.props

3. Restart DataHub

Restart the DataHub containers or pods to pick up the new configs.

Quickstart

1. Modify a config file

Modify user.props which defines the updated password for the datahub user.

To remove the user 'datahub' from the new file, simply omit the username. Please note that you can also choose to leave the file empty. For example, to change the password for the DataHub root user to 'newpassword', your file would contain the following:

// new user.props
datahub:newpassword

2. Mount the updated config file

In docker-compose file used in quickstart. Modify the datahub-frontend-react block to contain the extra volume mount.

  datahub-frontend-react:
...
volumes:
...
- <absolute_path_to_your_custom_user_props_file>:/datahub-frontend/conf/user.props

3. Restart Datahub

Run the following command.

datahub docker quickstart --quickstart-compose-file <your-modified-compose>.yml