Oh, thanks. You’re right, that is required to redeploy the security changes.
Now I remember that I didn’t need to run securityadmin.sh as the docker container executes securityadmin.sh on first run, and my customizations to internal_users.yml were already stored on the volume.
By the way, the output of the hash is different even when using the same input because it includes some pseudo-random bits (salt) to make it stronger against a rainbow attack. See Bcrypt Description.