[GH-ISSUE #575] Encrypt Pangolin admin password #1513

Closed
opened 2026-04-16 08:10:32 -05:00 by GiteaMirror · 9 comments
Owner

Originally created by @kevin-gillet on GitHub (Apr 23, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/575

Security Enhancement Request

Currently, according to the documentation at https://docs.fossorial.io/Pangolin/Configuration/config#users, admin passwords are stored in plaintext in the config/config.yml file.

Suggestion

  1. Implement password hashing using a strong algorithm like Argon2 (similar to how Vaultwarden handles password storage).
  2. Add a CLI tool for password reset functionality (related to issue #138)

Benefits

  • Significantly improved security if config files are ever exposed
  • Protection against accidental password exposure
  • Follows security best practices

Would be happy to help test if a PR is created for this enhancement.

GiteaMirror added the stale label 2026-04-16 08:10:32 -05:00

@miloschwartz commented on GitHub (Apr 23, 2025):

Just to clarify -- the password is hashed (like all other passwords) after being read from the file and entered into the database using standard methods. No passwords are stored in plain text in the database.

You can set the password via an environment variable which will override anything you put in the config file. This lets you pull the password from a secrets manager store instead. It is not uncommon to pass secrets into a container via environment variables. Future versions of Pangolin will also require a secret key used for encryption/decryption which will also need to be passed via the config or an environment variable. I believe Vaultwarden requires you pass an admin secret via environment variables as well.

We initially added the password to the config because we want the admin to be able to easily change the admin user username/password if they lose access. I understand that some people want to commit the config file for version control which is why we added the environment variable option. A CLI tool would be a nice/slick addition, but maybe we will change this so after the password is entered, you can remove the section from the config, and re-add it only for resetting purposes.


@kevin-gillet commented on GitHub (Apr 24, 2025):

Thanks for explaining the current approach. I understand the reasoning behind making password changes accessible.

However, I've encountered a practical issue: when I try to remove or comment out the password section from the config file after initial setup, I get an 'invalid config file' error. This means I can't actually use the workflow you described where the password section is only present temporarily.

This forces me to keep plaintext credentials in the config file permanently, which creates security concerns, especially in environments where multiple administrators might have access to configuration files.

A CLI tool for password management would solve this by:

  • Allowing secure password resets without config file edits
  • Eliminating the need to store plaintext credentials in files
  • Working alongside the existing environment variable option

Would the team consider this enhancement as a priority? I'd be happy to provide more details about the error I'm encountering if that helps.


@miloschwartz commented on GitHub (Apr 24, 2025):

I think we're going to explore adding a CLI tool in the container so you could bash in and run a password reset command like you suggested. Improving the current system in some new form will become a priority here soon.


@adiroiban commented on GitHub (May 5, 2025):

I guess that the password can be stored in PHC string format (https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md).

The algorithm should be fixed to argon2.

There should be 3rd party tools (https://www.npmjs.com/package/@xscale/hash) that can hash a password ... so no need to reinvent the wheel.
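
The PHC string format suggested in the comment above, as an added example that is not part of the thread or of Pangolin's code: a config-load check that accepts an admin password only as an Argon2 PHC string and rejects plaintext. The function names, the choice of the argon2id variant, the parameter floors (OWASP's argon2id baseline) and the sample values are assumptions made here.

```javascript
// Added example, not Pangolin code: names and minimums below are assumptions.
// It validates the stored format only; computing Argon2 needs a library.
const ALLOWED_IDS = new Set(["argon2id"]); // algorithm pinned (argon2id variant assumed)
const MIN = { m: 19456, t: 2, p: 1 };      // assumed floor: OWASP argon2id baseline
const B64 = /^[A-Za-z0-9+/]+$/;            // PHC base64 carries no '=' padding

function parsePhc(str) {
  if (typeof str !== "string" || !str.startsWith("$")) {
    throw new Error("not a PHC string (plaintext password?)");
  }
  const fields = str.split("$").slice(1);
  const id = fields.shift();
  if (!/^[a-z0-9-]{1,32}$/.test(id)) throw new Error("bad algorithm id");
  let version = null;
  if (fields.length && /^v=\d+$/.test(fields[0])) version = Number(fields.shift().slice(2));
  const params = {};
  if (fields.length && fields[0].includes("=")) {
    for (const pair of fields.shift().split(",")) {
      const m = /^([a-z0-9-]{1,32})=([A-Za-z0-9/+.-]+)$/.exec(pair);
      if (!m) throw new Error("bad parameter: " + pair);
      params[m[1]] = m[2];
    }
  }
  const [salt, hash, ...rest] = fields;
  if (rest.length) throw new Error("unexpected trailing fields");
  return { id, version, params, salt, hash };
}

function decodedLen(b64) { // byte length of an unpadded base64 field, or 0 if invalid
  return b64 && B64.test(b64) ? Buffer.from(b64, "base64").length : 0;
}

function validateAdminHash(str) {
  let phc;
  try { phc = parsePhc(str); } catch (e) { return { ok: false, reason: e.message }; }
  if (!ALLOWED_IDS.has(phc.id)) return { ok: false, reason: "algorithm not allowed: " + phc.id };
  if (phc.version !== 19) return { ok: false, reason: "unsupported argon2 version" };
  for (const k of Object.keys(MIN)) {
    const v = Number(phc.params[k]);
    if (!Number.isInteger(v) || v < MIN[k]) return { ok: false, reason: k + " below minimum" };
  }
  if (decodedLen(phc.salt) < 8) return { ok: false, reason: "salt missing or too short" };
  if (decodedLen(phc.hash) < 16) return { ok: false, reason: "hash missing or too short" };
  return { ok: true, reason: "ok" };
}

// Constructed sample: the hash field is filler, not real Argon2 output.
const SAMPLE = "$argon2id$v=19$m=65536,t=3,p=4$c29tZXNhbHRzb21lc2FsdA$" + "A".repeat(43);
console.log(validateAdminHash(SAMPLE), validateAdminHash("hunter2"));
```

Pinning the algorithm id and enforcing parameter floors at load time means a downgraded or weakly parameterised hash in the file is refused rather than silently accepted.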

@github-actions[bot] commented on GitHub (May 20, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.


@kevin-gillet commented on GitHub (May 27, 2025):

bump


@github-actions[bot] commented on GitHub (Jun 11, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.


@github-actions[bot] commented on GitHub (Jun 25, 2025):

This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.


@miloschwartz commented on GitHub (Jun 25, 2025):

The next release of Pangolin should include a CLI tool for resetting and a basic onboarding UI. This will let everyone remove the users from the config file/env vars after upgrading.


Reference: github-starred/pangolin#1513