Update DB Password on Docker Installation

Hi, I have read the article here:
https://help.passbolt.com/configure/database/credentials

and it is fairly straightforward. I have an existing installation of passbolt and I need to change the password on the DB. I see the settings for the docker file, but how do I log onto the DB and make the change in password to the new one being used in the edited docker file?

Hi @David Welcome to the forum!

It’s actually a user with a password, and the user has been granted rights to the database. Here are some general instructions that should help.

To see the database users, you have to enter into the container while it’s running with something like:
docker exec -it <your mariadb container name here> bash
which would start an interactive shell in the running container.

Then log into MariaDB as the root user with mysql command or mysql -u root.

See all the users for your database:
SELECT User, Host FROM mysql.user;

You will see something like this:

+-------------------+-----------+-----------------------+
| User              | Host      | plugin                |
+-------------------+-----------+-----------------------+
| mariadb.sys       | localhost | mysql_native_password |
| mysql             | localhost | mysql_native_password |
| passbolt          | localhost | mysql_native_password |
| root              | localhost | mysql_native_password |
+-------------------+-----------+-----------------------+

What you want to do is change the password for the passbolt user, and this is a MariaDB command.

MariaDB ALTER USER command

ALTER USER 'passbolt'@'localhost' IDENTIFIED VIA mysql_native_password  USING PASSWORD('new_password_in_plain_text');

Change accordingly so the Host parameter is what ever it shows if it’s not localhost.

It should match the password you will use in the environment variables for your Docker passbolt install.

1 Like

Hi garrett, thanks very much for the quick response. I’m running into the ERROR 1045 (2800) Access denied for user ‘root’@‘localhost’ which I have encountered before. I have tried logging in with the ‘passbolt’ user and the default password (mysql -u passbolt -p) and am able to login but I get an ERROR 1142 (42000): SELECT command denied to user ‘passbolt’@‘localhost’ for table ‘mysql’, ‘user’.

In the docker .yaml file there is a line that is written as follows:
MYSQL_RANDOM_ROOT_PASSWORD: "true"

I suspect that if I use mysql -u root -p and know the password for root, I can complete the commands you have listed. I do not recall giving a password to a root user for the MariaDB database.

Thank you for your help.

Oops :upside_down_face:

Forgot about that security measure.

The approach then is to follow an upgrade but not for the purposes of an upgrade. Essentially, migrate to a new container with new db credentials.

Migrating passbolt to new Docker

And don’t skip the very important step of backing up which the link above speaks of right at the beginning.

How to backup passbolt Docker

Hi garrett, thank you again for your reply. Do you know if the installation process prompts for a root password? I can just install again since I really have no data yet in the passbolt. If it should have prompted I most likely know the root password I would have used, however I did try that password with mysql -u root -p. I don’t know what that line in the .yaml file is doing. Does it create a new password each time the docker container is brought up?

@David No, it doesn’t because of the environment variable set: MYSQL_RANDOM_ROOT_PASSWORD: "true"

For reference: MYSQL_RANDOM_ROOT_PASSWORD setting - MySQL docs

I had forgotten this is in place as a default security choice. Because it is, you weren’t prompted to set the root password - it was randomized.

Hi,

While running the mariadb container for the first time, the random root generated password is displayed in clear text in container logs.

If you want to use your own password, you can use the MARIADB_ROOT_PASSWORD variable instead of MARIADB_RANDOM_ROOT_PASSWORD.

It is written in the doc, section environment variables: Docker

Best,

1 Like