Updating Usernames and Passwords in OpenObserve
Managing credentials in OpenObserve is critical for securing your observability platform. Incorrect or outdated credentials can block access, cause downtime, or expose your system to security risks. This page explains how to update usernames and passwords through the UI or CLI, and provides best practices for secure credential management.
Overview
OpenObserve provides multiple ways to manage user credentials:
Updating Passwords via the OpenObserve UI
Use the OpenObserve UI to manage users easily.
Steps:
- Log in as an administrator.
- Navigate to IAM → Users. Click the Edit icon under Actions for the user you want to update.
- Enable Change Password and enter the new password.
- Click Save Changes.
- Log out and verify that the updated credentials work.
Tip: You can also update user roles at the same time to enforce correct permissions.
Resetting the Root Password via CLI
If you are locked out of the root account, you can reset the root password from the CLI.
Steps:
-
Set environment variables for the new root credentials:
-
Run the reset command from your OpenObserve installation directory:
-
After the reset completes, log in with the updated root credentials.
Note: For Docker or Kubernetes deployments, set the environment variables inside the container or pod before running the reset command.
Best Practices
- Update usernames, passwords, or roles via the UI whenever possible.
- Update root and user passwords periodically; rotate API keys or service accounts.
- Use long, complex, and unique passwords. Avoid reusing passwords across environments.
- Back up your metadata database, especially before manual or DB-level changes.
- Use dedicated users with least privilege; reserve root for emergencies.
Next Steps
- Set up alerts for failed logins to detect potential security issues.
- Review RBAC and role assignments to ensure least-privilege access.