Change Secrets and Passwords (Required)

Last Updated: November 2021

The default secret key and passwords should be changed to secure the VM immediately after provisioning it.

Change Secret Key

The portal_config.yml file ships with a default SECRET_KEY that should be changed. Use a tool like RandomKeygen to generate a new key (e.g., CodeIgniter Encryption Key or 256-bit WEP Key). Update the SECRET_KEY value as follows:

tethys settings --set SECRET_KEY <new_key>

Restart the Tethys service afterward:

sudo systemctl restart tethys

Change Passwords

All user accounts have default passwords that should be changed to secure passwords soon after creating the VM. Use a password generator like xkpasswd or similar to create strong and unique passwords for the following accounts:

  • Tethys User Account

  • Tethys Portal Admin User

  • Database Users (postgres, tethys_default, tethys_super)

Warning

Failure to change the passwords on your Tethys Portal server will make it vulnerable to attack! Do not keep the default passwords!

Tethys User

If you did not change the password of the tethys user in the Orientation to Azure VM tutorial, do so now:

sudo passwd tethys

Database Users

Change the passwords for the database users as follows:

  1. Start psql as the postgres user:

    sudo su - postgres -c psql
    
  2. Use ALTER USER queries to change the passwords:

    ALTER USER <user_name> WITH PASSWORD '<new_password>';
    
  3. Quit psql:

    \q
    
  4. Update Tethys portal_config.yml:

    tethys settings --set DATABASES.default.PASSWORD <tethys_default_password>
    
  5. Restart the tethys service to apply the changes to portal_config.yml:

    sudo systemctl restart tethys.service
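
The secret key and database password steps above, as an added example that is not part of the Tethys documentation: it draws the values from /dev/urandom on the VM itself and stages them in owner-only files, so they never pass through a web page or the psql history. The function names, the file names and the `sudo -u postgres psql < file` invocation are assumptions of this example.

```shell
# Added example: generate the new secrets locally and stage them with mode 0600.

# gen_secret [LENGTH]: print LENGTH random alphanumeric characters.
# Alphanumerics only, so a value cannot start with "-" (parsed as an option)
# or break the single-quoted string in ALTER USER ... PASSWORD '...'.
gen_secret() {
    len="${1:-50}"
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}

# stage_rotation DIR: write db_passwords.sql (one ALTER USER statement per
# database account named on this page) and secret_key.txt into DIR.
stage_rotation() {
    dir="$1"
    (
        umask 077                      # subshell: umask does not leak out
        mkdir -p "$dir"
        rm -f "$dir/db_passwords.sql" "$dir/secret_key.txt"
        for user in postgres tethys_default tethys_super; do
            printf "ALTER USER %s WITH PASSWORD '%s';\n" \
                "$user" "$(gen_secret 32)" >> "$dir/db_passwords.sql"
        done
        gen_secret 50 > "$dir/secret_key.txt"
        chmod 600 "$dir/db_passwords.sql" "$dir/secret_key.txt"
    )
}

# tethys_default_password FILE: print the tethys_default password from the
# staged SQL, so the same value can be written to portal_config.yml.
tethys_default_password() {
    sed -n "s/^ALTER USER tethys_default WITH PASSWORD '\(.*\)';\$/\1/p" "$1"
}

# Usage on the VM (tethys and systemctl commands are the ones from this page):
#   stage_rotation "$HOME/rotate"
#   sudo -u postgres psql < "$HOME/rotate/db_passwords.sql"
#   tethys settings --set DATABASES.default.PASSWORD \
#       "$(tethys_default_password "$HOME/rotate/db_passwords.sql")"
#   tethys settings --set SECRET_KEY "$(cat "$HOME/rotate/secret_key.txt")"
#   sudo systemctl restart tethys
# Move the values into a password manager, then delete the staged files.
```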
    

Tethys Portal Admin

Create a new portal admin account and delete the default account as follows:

  1. Run the createsuperuser command:

    tethys db createsuperuser --pn <username> --pe <email> --pp <password>
    
  2. Log in to the Tethys Portal with the new admin account.

  3. Select Site Admin from the dropdown menu at the top-right.

  4. Click on the Users link under the AUTHENTICATION AND AUTHORIZATION section.

  5. Check the box next to the admin user.

  6. Select Delete selected users from the Actions dropdown and press the Go button.

Figure 1. Delete the default admin user account.