Changing Default Credentials of Bahmni Docker
Bahmni docker ships with default credentials, for easy & quick startup of Bahmni for newbies. These are already well known in various locations on internet/github, e.g see here (.env
file). Users should change these default credentials to strong/secure ones to ensure your Bahmni setup is safe. This is especially true if you are going to store real data, otherwise you would be putting citizen health data in jeopardy and yourself in a legal / operational mess!
High Level Summary of Steps
At a high level, for each of the services you run, ensure the username & passwords are secure. Check for all services including OpenMRS, Crater, Metabase, Odoo, DCM4chee, OpenELIS, etc, and also the associated database credentials.
For this, you would need to update the credentials in the .env
file for services & DB’s, and for some of the services, you need to ensure that they are running. Then, log in to their admin section and change the default credentials. Additionally, make sure to update the .env
file with the new credentials after bringing down the service, before bringing the services back up.
This whole process should likely take you approx. 30-45 mins. To know which all passwords need to be changed, search for all variables in .env
file which end with PASSWORD
. See the sample command that can help: cat .env | grep PASSWORD
Credentials for Bahmni Lite
Service/DB | Variables | Comments |
---|---|---|
OpenMRS/Bahmni UI & Atomfeed
|
| Follow detailed steps for OpenMRS/Bahmni |
OpenMRS Database(MySQL) |
| Update the credentials on |
Carter UI & Atomfeed | UI-
Atomfeed-
| This creds will be used to login crater UI & Atomfeed. Update the credentials on Both UI & Atomfeed creds should be same. |
Crater DB |
| Update the credentials on |
Crater Atomfeed DB |
| Update the credentials on |
Reports DB |
| Update the credentials on |
Metabase UI |
| This creds will be used to login Metabase UI, update the credentials on |
Metabase DB |
| Update the credentials on |
Mart DB |
| Update the credentials on |
Credentials for Bahmni Standard
Service/DB | Variables | Comments |
---|---|---|
OpenMRS/Bahmni UI & Atomfeed
|
| Follow detailed steps for OpenMRS/Bahmni |
OpenMRS Database |
| Update the credentials on |
OpenElis UI & Atomfeed |
| Follow detailed steps for OpenELIS |
OpenElis DB |
| Update the credentials on |
Odoo UI & Atomfeed |
| Follow detailed steps for Odoo |
Odoo DB |
| Update the credentials on |
Pacs DB |
| Update the credentials on |
Pacs Integration DB |
| Update the credentials on |
Reports DB |
| Update the credentials on |
Metabase UI |
| This creds will be used to login Metabase UI, update the credentials on |
Metabase DB |
| Update the credentials on |
Mart DB |
| Update the credentials on |
Steps needed for each Service
OpenMRS/Bahmni
For OpenMRS / Bahmni EMR UI, change credentials by:
Login into OpenMRS Admin UI (
https://<ip>/openmrs/
) with admin rights (superman
user)Go to Administration → Manage User
Change the creds for admin users:
superman
andadmin
Save/Exit/Logout and login again to check the creds work as expected.
Update
.env
file with new creds for variablesOPENMRS_ATOMFEED_USER
andOPENMRS_ATOMFEED_PASSWORD
OpenELIS
For OpenELIS (Lab), follow these steps after login with admin user admin
: Lab Security and Access Control (OpenELIS) and then update the .env
file with new creds for variables OPENELIS_ATOMFEED_USER
and OPENELIS_ATOMFEED_PASSWORD
Crater
Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env
file during the fresh installation, you can skip these steps.
Login into the crater as admin (
superman@bahmni.org
).Go to Settings → Account Setting
Change the password to a new one
Save/Exit/Logout and login again to check the creds work as expected.
Update the
.env
file with new creds for variablesCRATER_ADMIN_EMAIL
,CRATER_ADMIN_PASSWORD
,CRATER_USERNAME
andCRATER_PASSWORD
Odoo
Login to Odoo with user
admin
and change the password.Save/Exit/Logout and login again to check the creds work as expected.
Update the
.env
file with new creds for variablesODOO_ATOMFEED_USER
andODOO_ATOMFEED_PASSWORD
Metabase Analytics
Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env
file during the fresh installation, you can skip these steps.
Login to metabase with
admin@mybahmni.org
Go to Settings → Admin Settings → People (
https://<ip>/metabase/admin/people)
Click on the “…” (3 dots) on the right side of
Admin
user, and reset the password.Save/Exit/Logout and login again to check the creds work as expected.
Update
.env
file with new creds forMETABASE_ADMIN_EMAIL
andMETABASE_ADMIN_PASSWORD
.Also, ensure you have set up the correct permissions for other users: Securing Metabase & Bahmni Mart Analytics Tool
DCM4chee
Login to Dcm4chee service with admin user:
admin
Change password.
Save/Exit/Logout and login again to check the creds work as expected. We don't have to update anything on
.env
file.
Databases
Note, the app services like openmrs, or crater, or odoo should be shut down, before changing DB service credentials, to ensure none of the services are connected to DB.
For databases you will need to ssh/exec into each container (
docker compose exec <db-servicename>
, and then using mysql or pgsql command, connect and then rename. To connect to a database see: Connecting to various databases.To reset password for MySQL see: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html and for Postgres see: https://www.geeksforgeeks.org/postgresql-reset-password-for-postgres/ (step 4 onwards).
Once done, then update the
.env
file with new DB credentials and restart the service.
The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)