Change built-in admin pwd without destroing created users

Hello,

please, is it possible to change internal admin pwd without destroing all internal users created via GUI or API? WHen I tried so via generating new hash and putting it into internal_users.yml and applied using securityadmin.sh , all of my manually created users were gone…
Is there some way to preserve them? I have more than 20 users with different roles and even tenants, so not much want ro recreate all manually again.

Thanks

@Fsitler Yes, the easiest way is to export all the config, make the charges, then upload the config again. That way all the previously defined config remains intact.
You can use the “-r” parameters with securityadmin.sh script, something like this:

./securityadmin.sh -cd /usr/share/opensearch/plugins/opensearch-security/securityconfig/ -icl -nhnv -cacert /usr/share/opensearch/config/certs/root-ca.pem -cert /usr/share/opensearch/config/certs/admin-crt.pem -key /usr/share/opensearch/config/certs/admin-key.pem -r

Hope this helps

1 Like

@Anthony Thanks. I will try. What exactly does it do? I think I have no seen the -r switch in documentation?

@Fsitler “-r” (–retrieve) retrieves all the configuration from the security index and stores it in the directory specified with -cd parameter. From there you can edit any of it and upload back the same way without the “-r” parameter

1 Like