High Level Summary of Steps

At a high level, for each of the services you run, ensure the username & passwords are secure. Check for all services including OpenMRS, Crater, Metabase, Odoo, DCM4chee, OpenELIS, etc and also the associated database credentials.

For this you would need to ensure a particular service is running, then login into its Admin section, and change the default credentials. You would also need to ensure the .env file is updated after bringing down the service, with the new creds, before you bring the services back up.

This whole process should likely take you approx 30-45 mins. To know which all passwords need to be changed, search for all variables in .env file which end with PASSWORD. See sample command that can help: cat .env | grep PASSWORD

Steps needed for each Service

1. OpenMRS/Bahmni: For OpenMRS / Bahmni EMR UI, change password by:

   1. Login into OpenMRS Admin UI (https://<ip>/openmrs/) with admin rights (superman user)

   2. Go to Adminstration → Manage User

   3. Change the creds for admin users: superman and admin

   4. Save/Exit/Logout and login again to check the creds work as expected.

   5. Update .env file with new creds for all variables related to OPENMRS, where the old password was specified. Check atomfeed related creds also in .env file. Change them too.

2. OpenELIS: For OpenELIS (Lab), follow these steps after login with admin user admin: Lab Security and Access Control (OpenELIS) and then update the .env file with new creds for variables related to OPENELIS. Check atomfeed related creds also in .env file. Change them too.

3. Crater:

   1. Login into crater as admin (superman@bahmni.org).

   2. Go to Settings → Account Setting

   3. Change the password to a new one

   4. Save/Exit/Logout and login again to check the creds work as expected.

   5. Update .env file with new creds for CRATER, where the old password was specified.

   6. Check atomfeed related creds also in .env file. Change them too.

4. Odoo:

   1. Login to Odoo with user admin and change the password.

   2. Save/Exit/Logout and login again to check the creds work as expected.

   3. Check atomfeed related creds also in .env file. Change them too.

5. Metabase Analytics:

   1. Login to metabase with admin@mybahmni.org

   2. Go to Settings → Admin Settings → People (https://<ip>/metabase/admin/people)

   3. Click on the “…” (3 dots) on the right side of Admin user, and reset the password.

   4. Save/Exit/Logout and login again to check the creds work as expected.

   5. Update .env file with new creds for METABASE_ADMIN_PASSWORD.

   6. Also ensure you have setup correct permissions for other users: Securing Metabase & Bahmni Mart Analytics Tool

6. DCM4chee:

   1. Login to Dcm4chee service with admin user: admin

   2. Change password.

   3. Save/Exit/Logout and login again to check the creds work as expected.

   4. Check atomfeed related creds also in .env file. Change them too.

7. Databases:

   1. Note, the app services like openmrs, or crater, or odoo should be shutdown, before changing DB service credentials, to ensure none of the services are connected to DB.

   2. For databases you will need to ssh/exec into each container (docker compose exec <db-servicename>, and then using mysql or pgsql command, connect and then rename. To connect to a database see: Connecting to various databases .

   3. To reset password for MySQL see: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html and for Postgres see: https://www.geeksforgeeks.org/postgresql-reset-password-for-postgres/ (step 4 onwards).

   4. Once done, then update the .env file with new DB credentials and restart service.