Change the Default MOSIP Modules Password

Changing the default passwords of the MOSIP modules also requires updating the corresponding parameters in config-repo, following the steps in the Instructions section below.

The config parameters to be updated are as follows:
Passwords to be updated for DB:

  1. admin-mz.properties:
    javax.persistence.jdbc.password → DB Passwords //// master DB password
    mosip.admin-services.open-id.clientsecret → mosip-admin-services-client secret key
    mosip.iam.module.clientsecret → mosip-admin-client secret key

  2. application-mz.properties
    mosip.kernel.pdf_owner_password → Any value as per need
    object.store.s3.secretkey → Minio password

  3. datashare-mz.properties
    data.share.token.request.secretKey → mosip-datsha-client secret key
    data.share.token.request.password → un-assigned parameter //// kept in case a user ID and password are used in future

  4. id-authentication-mz.properties
    mosip.ida.database.password → DB Passwords
    mosip.ida.auth.secretKey → mosip-ida-client secret
    ida-websub-authtype-callback-secret → can be anything
    ida-websub-credential-issue-callback-secret → can be anything; only used for subscription
    mosip.kernel.keymanager.softhsm.keystore-pass → Softhsm Password
    keymanager_database_password → ida db password

  5. id-repository-mz.properties
    mosip.idrepo.db.identity.password → idrepo db password
    mosip.idrepo.db.vid.password → idmap db password
    mosip.credential.service.jdbc.password → credential service db password
    credential.request.token.request.secretKey → mosip-crereg-client secret key
    credential.service.token.request.secretKey → mosip-creser-client secret key

  6. Kernel-mz.properties
    mosip.kernel.keymanager.softhsm.keystore-pass → keystore pass
    mosip.kernel.auth.secret.key → mosip-auth-client secret key
    mosip.kernel.ida.secret.key → mosip-ida-client secret key
    admin_database_password → admin db password
    syncjob_database_password → syncjob db password
    audit_database_password → audit db password
    masterdata_database_password → master db password
    uin_database_password → uin db password
    id_database_password → id db password
    vid_database_password → kernel db password
    prid_database_password → prid db password
    keymanager_database_password → keymanager db password
    otpmanager_database_password → kerneluser db password
    syncdata_database_password → masteruser password
    licensekeymanager_database_password → masteruser password
    ridgenerator_database_password → regprcuser password
    iam.datasource.password → iamuser password
    db_1_DS.datastore.password → iamuser password //// can be anything.
    db_2_DS.datastore.password → iamuser password //// can be anything.
    mosip.admin.clientsecret → mosip-admin-client secret key
    db_3_DS.keycloak.password → keycloak db password
    mosip.keycloak.admin.secret.key → admin-cli secret key
    mosip.kernel.prereg.secret.key → mosip-prereg-client secret key
    mosip.kernel.registrationclient.secret.key → mosip-reg-client secret key

  7. partner-management-mz.properties
    mosip.pmp.database.password → pmp db password
    mosip.authdevice.database.password → authdeviceuser password
    mosip.regdevice.database.password → regdevice db password
    mosip.pmp.auth.secretKey → mosip-partner-client secret key
    mosip.keycloak.admin.secret.key → keycloak password

  8. pre-registration-mz.properties
    javax.persistence.jdbc.password → prereg db password
    mosip.batch.token.authmanager.password → mosip-prereg-client secret key
    secretKey → mosip-prereg-client secret key
    google.recaptcha.site.key → recaptcha site key
    google.recaptcha.secret.key → recaptcha secret key

  9. print-mz.properties
    mosip.event.secret → used for websub callback; can be anything
    token.request.password → currently not used; can be commented out
    token.request.secretKey → mosip-regproc-client secret key

  10. Registration-processor-dmz.properties
    javax.persistence.jdbc.password → regpruser db password
    token.request.secretKey → mosip-regproc-client secret key

  11. Registration-processor-mz.properties
    javax.persistence.jdbc.password → regperuser db password
    token.request.password → not needed as of now
    token.request.secretKey → mosip-regproc-client secret key
    registration.processor.queue.password → activemq password

  12. Resident-mz.properties
    resident.secretKey → mosip-resident-client secret key
    token.request.secretKey → mosip-regproc-client secret key

Instructions

  1. Update the new passwords in secrets.yaml in mosip-infra.

  2. After modifying the default passwords in secrets.yml, generate the ciphers of these passwords once the config-server is up and running, using either the command below from the console or the scripts at the link that follows it:
    curl http://mzworker0.sb:30080/config/encrypt -d <string password to be encrypted>
    https://github.com/mosip/mosip-infra/tree/1.1.3/deployment/sandbox-v2/utils/secrets

  3. Once the ciphers of the required passwords have been created, update them in all the required fields of the property files in config-repo.

  4. For all Keycloak secret changes, change the secrets in the YAML file below and then run the keycloak playbook.
    https://github.com/mosip/mosip-infra/blob/1.1.3/deployment/sandbox-v2/roles/keycloak-init/defaults/main.yml
    command to run playbook from sb folder:
    an playbooks/keycloak.yml
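
The script below is an added example, not part of the MOSIP repositories. It wraps the encrypt call from step 2 so the password never appears on the command line, writes the result into a property file with the `{cipher}` prefix that Spring Cloud Config uses for encrypted values, and lists secret-looking keys that are still plaintext after step 3. The function names are hypothetical, property lines are assumed to be `key=value`, and the name pattern is derived from the keys listed on this page.

```shell
#!/usr/bin/env bash
# Added example: helper functions for steps 2 and 3 (names are hypothetical).
# CONFIG_URL defaults to the sandbox address used in step 2.
CONFIG_URL="${CONFIG_URL:-http://mzworker0.sb:30080/config}"

# Read one secret on stdin, print its ciphertext. A text/plain body keeps the
# secret out of argv and shell history, and avoids -d's form content type,
# under which the server can misread '+'.
encrypt_secret() {
  curl -fsS -H 'Content-Type: text/plain' --data-binary @- "$CONFIG_URL/encrypt"
}

# set_cipher FILE KEY CIPHERTEXT: set KEY={cipher}CIPHERTEXT in FILE.
# Keys are compared as plain strings, so dots in names are not wildcards.
# Returns 1 and leaves FILE unchanged when KEY is absent.
set_cipher() {
  _tmp=$(mktemp) || return 1
  if awk -v k="$2" -v v="{cipher}$3" '
      { i = index($0, "="); name = substr($0, 1, i - 1); gsub(/[ \t]/, "", name) }
      i > 0 && name == k { print k "=" v; hit = 1; next }
      { print }
      END { exit !hit }' "$1" > "$_tmp"
  then cat "$_tmp" > "$1"; rm -f "$_tmp"
  else rm -f "$_tmp"; return 1
  fi
}

# plaintext_secrets FILE...: print "file: key" for every secret-looking key
# whose value is not empty, not a ${...} reference and not {cipher}-prefixed.
plaintext_secrets() {
  awk '
    /^[ \t]*[#!]/ { next }
    { i = index($0, "="); if (i == 0) next
      name = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+/, "", val)
      if (tolower(name) ~ /password|secret|keystore-pass/ && val != "" &&
          index(val, "${") != 1 && index(val, "{cipher}") != 1)
        print FILENAME ": " name }' "$@"
}

# Usage from a config-repo checkout (the read prompt does not echo):
#   read -rsp 'new secret: ' s; echo
#   c=$(printf '%s' "$s" | encrypt_secret) &&
#     set_cipher print-mz.properties token.request.secretKey "$c"
#   plaintext_secrets ./*.properties
```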

 
