Reset Admin Password
If you don't see any authentication methods on the login page, you most likely don't have access to your SSO authentication anymore. To reenable password login you need to edit the loft configuration.
Run the following command to get a new hashed loft configuration wit password login enabled:
kubectl get secrets/loft-manager-config -o jsonpath="{.data.config}" | base64 -d | yq "del(.auth.password.disabled)" | base64
Then, copy the output, kubectl edit get secrets/loft-manager-config
and replace .data.config
with the new config.
Make sure to restart your loft pods afterwards for the new configuration to take effect.
Loftctl
If you are still authenticated via the loft CLI you can easily reset the admin password:
loft reset password --user=admin
Kubectl
In order to find the kubernetes secret where the password hash for the admin account, run the following command:
$ kubectl get user admin -o yaml
apiVersion: management.loft.sh/v1
kind: User
metadata:
...
spec:
passwordRef:
key: password
secretName: loft-user-secret-admin
secretNamespace: loft
...
The important part of the yaml is the password ref, which holds the reference for the secret where the password is stored.
Reset the password
The next step is to create a sha256 hash of your new password:
echo -n my-new-password | sha256sum
which should print something like:
d7ff0c3cf3be79e0ecd30971c163b6be693fcb26578f18f1b9a3926eaf7b339d -
Now copy the hash without the -
and patch the secret with the new password hash:
kubectl get secret loft-user-secret-admin -n loft -o json | jq --arg password "$(echo d7ff0c3cf3be79e0ecd30971c163b6be693fcb26578f18f1b9a3926eaf7b339d | base64)" '.data["password"]=$password' | kubectl apply -f -
After that you should be able to login with the user admin
and your new password into loft.