boundless

boundless

Planned

When creating a new system user, the only way to get the new user's password is to manually log in to the panel and click the "Show password" button. The security concern is legitimate but this makes it difficult to automate.

It should be possible to either send a password to the endpoint when creating the user, or to have the endpoint send the password in the response when it's created. The latter is a common practice. For example, AWS sends the access key and secret when creating a new IAM user. Of course, the password cannot be retrieved at a later date.

This capability is necessary to fully automate the site creation and then automatically store the credentials in our secret/password manager so the rest of the team can use it.

If a user is created through the api and the password returned in the response, I would expect the password to NOT be available in the panel. It's basically analogous to clicking the "Show password" button in the panel, which is only possible once.

Dennis

Dennis

·

Additionally: We're going to make it that you have to add a flag to the POST call like "receive_password": true, so you can get the password in the response.

You may use @ to mention someone.

Return the password of the system user when it's created via the API

2 total votes
Angel boundless
  • Dennis moved item to board Planned

    1 month ago
  • boundless moved item to project API Level Requests

    1 month ago
  • boundless created the item

    1 month ago