coop-cloud/vaultwarden
coop-cloud/vaultwarden
2
0
Fork 4
Code Issues 1 Pull Requests Projects Releases 1 Wiki Activity

plain text admin_token is considered insecure #5

New Issue
Open
opened 2025-03-28 19:38:24 +00:00 by fauno · 3 comments
fauno commented 2025-03-28 19:38:24 +00:00
Owner
Copy Link

https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token

d2025-03-28T19:36:16.999666703Z [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.
s2025-03-28T19:36:16.999863094Z Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.
2025-03-28T19:36:17.000027003Z See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token ``` d2025-03-28T19:36:16.999666703Z [NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure. s2025-03-28T19:36:16.999863094Z Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`. 2025-03-28T19:36:17.000027003Z See: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token ```
👀 1
decentral1se commented 2025-04-24 08:13:29 +00:00
Owner
Copy Link

I didn't have time to check but I assume the migration step is to:

  1. Export your password in plain text
  2. Hash it with the hash command (?)
  3. Re-insert it?

We could add this as documentation in the README.md.

I didn't have time to check but I assume the migration step is to: 1. Export your password in plain text 2. Hash it with the `hash` command (?) 3. Re-insert it? We could add this as documentation in the `README.md`.
fauno commented 2025-04-24 14:39:13 +00:00
Author
Owner
Copy Link

you can also do it from the admin web ui, that's what i did finally. the secret should be hashed anyway, so the issue is with autogenerated secrets (unless abra can be told to hash secrets! a wild feature request appears!)

you can also do it from the admin web ui, that's what i did finally. the secret should be hashed anyway, so the issue is with autogenerated secrets (unless abra can be told to hash secrets! a wild feature request appears!)
👍 1
decentral1se commented 2025-04-24 19:28:41 +00:00
Owner
Copy Link

The logic is there but I'm not sure adding the dependency just for this specific use case is really worth it? Are there other apps that require it? If you fee like we should go for it, feel free to open an issue for abra.

I guess just docs in the README.md to close this one then here.

[The logic](https://docs.coopcloud.tech/maintainers/handbook/#how-do-i-change-secret-generation-characters) is there but I'm not sure adding the dependency just for this specific use case is really worth it? Are there other apps that require it? If you fee like we should go for it, feel free to open an issue for `abra`. I guess just docs in the `README.md` to close this one then here.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud decentral1se fauno flancian Frando iexos javielico kawaiipunk knoflook lambdabundesverband mac-chaffee marlon mayel mirsal moritz nicksellen notplants p4u1 pau renovate-bot rix sef simon stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/vaultwarden#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?