Skip to main content
Version: main 🚧

Reset Admin Password

If you're locked out of vCluster Platform, you can reset the admin password directly from the command line.

If you still have UI access, use Reset a user's password instead. It works for the admin account too.

No authentication methods on the login page

If you don't see any authentication methods on the login page at all, password login was likely disabled and you lost access to SSO. Re-enable password login first, then come back to reset the password. See Recovery.

vCluster CLI​

If you are still authenticated using the vCluster CLI you can easily reset the admin password:

vcluster platform reset password --user=admin
Existing sessions and access keys are invalidated

Resetting a password through the CLI deletes all of that user's existing access keys, including browser sessions, other CLI sessions, and any API tokens the user generated. Anyone using the old password or an existing access key for this user must log in again. This does not apply to the Kubectl method below, which patches the password secret directly and leaves existing sessions and access keys untouched.

Kubectl​

If you don't have CLI access, you can reset the password by patching the underlying Kubernetes secret directly.

Find the password secret​

Run the following command to look up the admin user's password reference:

$ kubectl get user admin -o yaml
apiVersion: management.loft.sh/v1
kind: User
metadata:
...
spec:
passwordRef:
key: password
secretName: loft-user-secret-admin
secretNamespace: vcluster-platform
...

Note the secretName and secretNamespace under passwordRef. Older installs may use the loft namespace instead of vcluster-platform. You'll use both values in the next step.

Set a new password​

Replace SECRET_NAME, SECRET_NAMESPACE, and my-new-password below with the values from the previous step and your new password, then run:

SECRET_NAME=loft-user-secret-admin
SECRET_NAMESPACE=vcluster-platform
NEW_PASSWORD_HASH=$(echo -n "my-new-password" | sha256sum | awk '{print $1}')

kubectl get secret "$SECRET_NAME" -n "$SECRET_NAMESPACE" -o json \
| jq --arg password "$(printf '%s' "$NEW_PASSWORD_HASH" | base64)" '.data["password"]=$password' \
| kubectl apply -f -

After that you should be able to log in to vCluster Platform with the user admin and your new password.