Bahmni docker ships with default credentials, for easy & quick startup of Bahmni for newbies. These are already well known in various locations on internet/github, e.g see here (.env
file). Users should change these default credentials to strong/secure ones to ensure your Bahmni setup is safe. This is especially true if you are going to store real data, otherwise you would be putting citizen health data in jeopardy and yourself in a legal / operational mess!
High Level Summary of Steps
At a high level, for each of the services you run, ensure the username & passwords are secure. Check for all services including OpenMRS, Crater, Metabase, Odoo, DCM4chee, OpenELIS, etc and also the associated database credentials.
For this you would need to ensure a particular service is running, then login into its Admin section, and change the default credentials. You would also need to ensure the .env
file is updated after bringing down the service, with the new creds, before you bring the services back up.
This whole process should likely take you approx 30-45 mins. To know which all passwords need to be changed, search for all variables in .env
file which end with PASSWORD
. See sample command that can help: cat .env | grep PASSWORD
Steps needed for each Service
OpenMRS/Bahmni: For OpenMRS / Bahmni EMR UI, change password by:
Login into OpenMRS Admin UI (
https://<ip>/openmrs/
) with admin rights (superman
user)Go to Adminstration → Manage User
Change the creds for admin users:
superman
andadmin
Save/Exit/Logout and login again to check the creds work as expected.
Update
.env
file with new creds for all variables related to OPENMRS, where the old password was specified. Check atomfeed related creds also in.env
file. Change them too.
OpenELIS: For OpenELIS (Lab), follow these steps after login with admin user
admin
: Lab Security and Access Control (OpenELIS) and then update the.env
file with new creds for variables related to OPENELIS. Check atomfeed related creds also in.env
file. Change them too.Crater:
Login into crater as admin (
superman@bahmni.org
).Go to Settings → Account Setting
Change the password to a new one
Save/Exit/Logout and login again to check the creds work as expected.
Update
.env
file with new creds for CRATER, where the old password was specified.Check atomfeed related creds also in
.env
file. Change them too.
Odoo:
Login to Odoo with user
admin
and change the password.Save/Exit/Logout and login again to check the creds work as expected.
Check atomfeed related creds also in
.env
file. Change them too.
Metabase Analytics:
Login to metabase with
admin@mybahmni.org
Go to Settings → Admin Settings → People (
https://<ip>/metabase/admin/people)
Click on the “…” (3 dots) on the right side of
Admin
user, and reset the password.Save/Exit/Logout and login again to check the creds work as expected.
Update
.env
file with new creds forMETABASE_ADMIN_PASSWORD
.Also ensure you have setup correct permissions for other users: Securing Metabase & Bahmni Mart Analytics Tool
DCM4chee:
Login to Dcm4chee service with admin user:
admin
Change password.
Save/Exit/Logout and login again to check the creds work as expected.
Check atomfeed related creds also in
.env
file. Change them too.
Databases:
Note, the app services like openmrs, or crater, or odoo should be shutdown, before changing DB service credentials, to ensure none of the services are connected to DB.
For databases you will need to ssh/exec into each container (
docker compose exec <db-servicename>
, and then using mysql or pgsql command, connect and then rename. To connect to a database see: Connecting to various databases .To reset password for MySQL see: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html and for Postgres see: https://www.geeksforgeeks.org/postgresql-reset-password-for-postgres/ (step 4 onwards).
Once done, then update the
.env
file with new DB credentials and restart service.
Great job keeping Bahmni secure for all users and patients!! Thanks!