...
At a high level, for each of the services you run, ensure the username & passwords are secure. Check for all services including OpenMRS, Crater, Metabase, Odoo, DCM4chee, OpenELIS, etc, and also the associated databasecredentials.
For this, you would need to ensure a particular service is running, then login into its Admin section, update the credentials in the .env
file for services & DB’s, and for some of the services, you need to ensure that they are running. Then, log in to their admin section and change the default credentials. You would also need to ensure Additionally, make sure to update the .env
file is updated with the new credentials after bringing down the service, with the new creds, before you bring bringing the services back up.
This whole process should likely take you approx. 30-45 mins. To know which all passwords need to be changed, search for all variables in .env
file which end with PASSWORD
. See the sample command that can help: cat .env | grep PASSWORD
...
Credentials for Bahmni Lite
Service/DB | Variables | Comments |
---|---|---|
OpenMRS/Bahmni UI & Atomfeed |
| Follow detailed steps for OpenMRS/Bahmni |
OpenMRS Database(MySQL) |
| Update the credentials on |
Carter UI & Atomfeed | UI-
Atomfeed-
| This creds will be used to login crater UI & Atomfeed. Update the credentials on Both UI & Atomfeed creds should be same. |
Crater DB |
| Update the credentials on |
Crater Atomfeed DB |
| Update the credentials on |
Reports DB |
| Update the credentials on |
Metabase UI |
| This creds will be used to login Metabase UI, update the credentials on |
Metabase DB |
| Update the credentials on |
Mart DB |
| Update the credentials on |
Credentials for Bahmni Standard
Service/DB | Variables | Comments |
---|---|---|
OpenMRS/Bahmni UI & Atomfeed |
| Follow detailed steps for OpenMRS/Bahmni |
OpenMRS Database |
| Update the credentials on |
OpenElis UI & Atomfeed |
| Follow detailed steps for OpenELIS |
OpenElis DB |
| Update the credentials on |
Odoo UI & Atomfeed |
| Follow detailed steps for Odoo |
Odoo DB |
| Update the credentials on |
Pacs DB |
| Update the credentials on |
Pacs Integration DB |
| Update the credentials on |
Reports DB |
| Update the credentials on |
Metabase UI |
| This creds will be used to login Metabase UI, update the credentials on |
Metabase DB |
| Update the credentials on |
Mart DB |
| Update the credentials on |
Steps needed for each Service
OpenMRS/Bahmni
...
For OpenMRS / Bahmni EMR UI, change
...
credentials by:
Login into OpenMRS Admin UI (
https://<ip>/openmrs/
) with admin rights (superman
user)Go to
AdminstrationAdministration → Manage User
Change the creds for admin users:
superman
andadmin
Save/Exit/Logout and login again to check the creds work as expected.
Update
all variables related to OPENMRS, where the old password was specified. Check atomfeed related creds also in.env
file with new creds for.env
file. Change them too.OpenELIS: variables
OPENMRS_ATOMFEED_USER
andOPENMRS_ATOMFEED_PASSWORD
OpenELIS
...
For OpenELIS (Lab), follow these steps after login with admin user admin
: Lab Security and Access Control (OpenELIS) and then update the .env
file with new creds for variables
...
Crater:
OPENELIS_ATOMFEED_USER
and OPENELIS_ATOMFEED_PASSWORD
Crater
Note |
---|
Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the |
Login into the crater as admin (
superman@bahmni.org
).Go to Settings → Account Setting
Change the password to a new one
Save/Exit/Logout and login again to check the creds work as expected.
Update the
, where the old password was specified..env
file with new creds for variablesCRATER
Check atomfeed related creds also in
.env
file. Change them too.
Odoo:_ADMIN_EMAIL
, CRATER_ADMIN_PASSWORD
,
CRATER_USERNAME
and CRATER_PASSWORD
Odoo
Login to Odoo with user
admin
and change the password.Save/Exit/Logout and login again to check the creds work as expected.
Check atomfeed related creds also in
.env
file. Change them too.Metabase Analytics:Update the
.env
file with new creds for variablesODOO_ATOMFEED_USER
andODOO_ATOMFEED_PASSWORD
Metabase Analytics
Note |
---|
Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the |
Login to metabase with
admin@mybahmni.org
Go to Settings → Admin Settings → People (
https://<ip>/metabase/admin/people)
Click on the “…” (3 dots) on the right side of
Admin
user, and reset the password.Save/Exit/Logout and login again to check the creds work as expected.
Update
.env
file with new creds forMETABASE_ADMIN_EMAIL
andMETABASE_ADMIN_PASSWORD
.Also, ensure you have
setupset up the correct permissions for other users: Securing Metabase & Bahmni Mart Analytics Tool
DCM4chee
...
Login to Dcm4chee service with admin user:
admin
Change password.
Save/Exit/Logout and login again to check the creds work as expected.
Check atomfeed related creds also in
.env
file. Change them too.
Databases: We don't have to update anything on .env
file.
Databases
Note |
---|
Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the |
Note, the app services like openmrs, or crater, or odoo should be
shutdownshut down, before changing DB service credentials, to ensure none of the services are connected to DB.
For databases you will need to ssh/exec into each container (
docker compose exec <db-servicename>
, and then using mysql or pgsql command, connect and then rename. To connect to a database see: Connecting to various databases.To reset password for MySQL see: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html and for Postgres see: https://www.geeksforgeeks.org/postgresql-reset-password-for-postgres/ (step 4 onwards).
Once done, then update the
.env
file with new DB credentials and restart the service.
Tip |
---|
Great job keeping Bahmni secure for all users and patients!! Thanks! |