Changing Default Credentials of Bahmni Docker

Bahmni docker ships with default credentials, for easy & quick startup of Bahmni for newbies. These are already well known in various locations on internet/github, e.g see here (.env file). Users should change these default credentials to strong/secure ones to ensure your Bahmni setup is safe. This is especially true if you are going to store real data, otherwise you would be putting citizen health data in jeopardy and yourself in a legal / operational mess!

High Level Summary of Steps

At a high level, for each of the services you run, ensure the username & passwords are secure. Check for all services including OpenMRS, Crater, Metabase, Odoo, DCM4chee, OpenELIS, etc, and also the associated database credentials.

For this, you would need to update the credentials in the .env file for services & DB’s, and for some of the services, you need to ensure that they are running. Then, log in to their admin section and change the default credentials. Additionally, make sure to update the .env file with the new credentials after bringing down the service, before bringing the services back up.

This whole process should likely take you approx. 30-45 mins. To know which all passwords need to be changed, search for all variables in .env file which end with PASSWORD. See the sample command that can help: cat .env | grep PASSWORD

Credentials for Bahmni Lite

Service/DB

Variables

Comments

Service/DB

Variables

Comments

OpenMRS/Bahmni UI & Atomfeed

 

OPENMRS_ATOMFEED_USER OPENMRS_ATOMFEED_PASSWORD

Follow detailed steps for OpenMRS/Bahmni

OpenMRS Database(MySQL)

OPENMRS_DB_USERNAME OPENMRS_DB_PASSWORD MYSQL_ROOT_PASSWORD

 

Update the credentials on .env file before doing first installation.

Carter UI & Atomfeed

UI-

CRATER_ADMIN_EMAIL CRATER_ADMIN_PASSWORD

Atomfeed-

CRATER_USERNAME CRATER_PASSWORD

This creds will be used to login crater UI & Atomfeed. Update the credentials on .env file before doing first installation.

Both UI & Atomfeed creds should be same.

Crater DB

CRATER_DB_USERNAME CRATER_DB_USERNAME

Update the credentials on .env file before doing first installation.

Crater Atomfeed DB

CRATER_ATOMFEED_DB_USERNAME CRATER_ATOMFEED_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Reports DB

REPORTS_DB_USERNAME REPORTS_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Metabase UI

METABASE_ADMIN_EMAIL METABASE_ADMIN_EMAIL

This creds will be used to login Metabase UI, update the credentials on .env file before doing first installation.

Metabase DB

METABASE_DB_USER METABASE_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Mart DB

MART_DB_USERNAME MART_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Credentials for Bahmni Standard

Service/DB

Variables

Comments

Service/DB

Variables

Comments

OpenMRS/Bahmni UI & Atomfeed

 

OPENMRS_ATOMFEED_USER OPENMRS_ATOMFEED_PASSWORD

Follow detailed steps for OpenMRS/Bahmni

OpenMRS Database

OPENMRS_DB_USERNAME OPENMRS_DB_PASSWORD MYSQL_ROOT_PASSWORD

 

Update the credentials on .env file before doing first installation.

OpenElis UI & Atomfeed

OPENELIS_ATOMFEED_USER OPENELIS_ATOMFEED_PASSWORD

Follow detailed steps for OpenELIS

OpenElis DB

OPENELIS_DB_USER OPENELIS_DB_PASSWORD

 

Update the credentials on .env file before doing first installation.

Odoo UI & Atomfeed

ODOO_ATOMFEED_USER ODOO_ATOMFEED_PASSWORD

Follow detailed steps for Odoo

Odoo DB

ODOO_DB_USER ODOO_DB_PASSWORD

 

Update the credentials on .env file before doing first installation.

Pacs DB

DCM4CHEE_DB_USERNAME DCM4CHEE_DB_PASSWORD PACS_DB_ROOT_PASSWORD

 

Update the credentials on .env file before doing first installation.

Pacs Integration DB

ODOO_DB_USER ODOO_DB_PASSWORD

 

Update the credentials on .env file before doing first installation.

Reports DB

REPORTS_DB_USERNAME REPORTS_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Metabase UI

METABASE_ADMIN_EMAIL METABASE_ADMIN_PASSWORD

This creds will be used to login Metabase UI, update the credentials on .env file before doing first installation.

Metabase DB

METABASE_DB_USER METABASE_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Mart DB

MART_DB_USERNAME MART_DB_PASSWORD

Update the credentials on .env file before doing first installation.

Steps needed for each Service

OpenMRS/Bahmni

For OpenMRS / Bahmni EMR UI, change credentials by:

  1. Login into OpenMRS Admin UI (https://<ip>/openmrs/) with admin rights (superman user)

  2. Go to Administration → Manage User

  3. Change the creds for admin users: superman and admin

  4. Save/Exit/Logout and login again to check the creds work as expected.

  5. Update .env file with new creds for variables OPENMRS_ATOMFEED_USER and OPENMRS_ATOMFEED_PASSWORD

OpenELIS

For OpenELIS (Lab), follow these steps after login with admin user admin: Lab Security and Access Control (OpenELIS) and then update the .env file with new creds for variables OPENELIS_ATOMFEED_USER and OPENELIS_ATOMFEED_PASSWORD

Crater

Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env file during the fresh installation, you can skip these steps.

  1. Login into the crater as admin (superman@bahmni.org).

  2. Go to Settings → Account Setting

  3. Change the password to a new one

  4. Save/Exit/Logout and login again to check the creds work as expected.

  5. Update the .env file with new creds for variables CRATER_ADMIN_EMAIL, CRATER_ADMIN_PASSWORD,

    CRATER_USERNAME and CRATER_PASSWORD

Odoo

  1. Login to Odoo with user admin and change the password.

  2. Save/Exit/Logout and login again to check the creds work as expected.

  3. Update the .env file with new creds for variables ODOO_ATOMFEED_USER and ODOO_ATOMFEED_PASSWORD

Metabase Analytics

Follow these steps only if you need to update the credentials after the initial installation. If you have already updated the secure credentials in the .env file during the fresh installation, you can skip these steps.

  1. Login to metabase with admin@mybahmni.org

  2. Go to Settings → Admin Settings → People (https://<ip>/metabase/admin/people)

  3. Click on the “…” (3 dots) on the right side of Admin user, and reset the password.

  4. Save/Exit/Logout and login again to check the creds work as expected.

  5. Update .env file with new creds for METABASE_ADMIN_EMAIL and METABASE_ADMIN_PASSWORD.

  6. Also, ensure you have set up the correct permissions for other users: Securing Metabase & Bahmni Mart Analytics Tool

DCM4chee

  1. Login to Dcm4chee service with admin user: admin

  2. Change password.

  3. Save/Exit/Logout and login again to check the creds work as expected. We don't have to update anything on .env file.

Databases

  1. Note, the app services like openmrs, or crater, or odoo should be shut down, before changing DB service credentials, to ensure none of the services are connected to DB.

  2. For databases you will need to ssh/exec into each container (docker compose exec <db-servicename>, and then using mysql or pgsql command, connect and then rename. To connect to a database see: Connecting to various databases.

  3. To reset password for MySQL see: https://dev.mysql.com/doc/refman/8.0/en/resetting-permissions.html and for Postgres see: https://www.geeksforgeeks.org/postgresql-reset-password-for-postgres/ (step 4 onwards).

  4. Once done, then update the .env file with new DB credentials and restart the service.

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)