Version: 1.15

Reset Loft Admin Password

If you have lost the password for a loft user, you can also reset it via kubectl. Make sure you have cluster wide access to the kubernetes cluster where loft is running in.

Find the kubernetes secret with the password hash

In order to find the kubernetes secret where the password hash for a specific user is stored, run the following command:

$ kubectl get user admin -o yaml
apiVersion: management.loft.sh/v1
kind: User
metadata:
  ...
spec:
  passwordRef:
    key: password
    secretName: loft-user-secret-admin
    secretNamespace: loft
...

The important part of the yaml is the password ref, which holds the reference for the secret where the password is stored.

Reset the password

The next step is to create a sha256 hash of your new password:

echo -n my-new-password | sha256sum

which should print something like:

d7ff0c3cf3be79e0ecd30971c163b6be693fcb26578f18f1b9a3926eaf7b339d  -

Now copy the hash (d7ff0c3cf3be79e0ecd30971c163b6be693fcb26578f18f1b9a3926eaf7b339d) without the - and patch the secret with the new password hash:

kubectl get secret loft-user-secret-admin -n loft -o json | jq --arg password "$(echo d7ff0c3cf3be79e0ecd30971c163b6be693fcb26578f18f1b9a3926eaf7b339d | base64)" '.data["password"]=$password' | kubectl apply -f -

After that you should be able to login with the user admin and your new password into loft.

Find the kubernetes secret with the password hash​

Reset the password​

Find the kubernetes secret with the password hash

Reset the password