Skip to main content

Resetting Neuvector Password

Resetting the password to gain access

If, for whatever reason, the password for any of the neuvector instances isn’t working and the admin account is being locked out, you can reset the password.

The official guide from which these instructions were taken can be found here.

Connect to the AKS cluster for the environment the neuvector pods are in e.g. cft-aat-00-aks

Connect to one of the controller pods:

kubectl exec -it <controller_pod> -n neuvector -- sh

Check if admin entry exists by running the command below and save the output JSON somewhere for safekeeping. (If the entry does not exist, please stop and consult with NeuVector Support.)

consul kv get object/config/user/admin

Take the output from the above consul kv get command and replace the password_hash string with the below hash string for “admin”.

c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec

Apply the update JSON by replacing the existing password_hash with the password_hash above. The single quotes surrounding the JSON are needed. (It is best to craft this command inside a text editor to verify before applying it to the controller shell.)

The full command should be:

consul put object/config/user/admin '{"fullname":"admin","username":"admin","password_hash":"c7ad44cbad762a5da0a452f9e854fdc1e0e7a52a38015f23f3eab1d80b931dd472634dfac71cd34ebc35d16ab7fb8a90c81f975113d6c7538dc69dd8de9077ec","pwd_reset_time":"2023-03-23T21:25:23.75136146Z","pwd_hash_history":null,"domain":"","server":"","email":"","role":"admin","role_oride":false,"timeout":300,"locale":"en","role_domains":{},"last_login_at":"2023-03-23T21:25:01.981582916Z","login_count":1,"failed_login_count":0,"block_login_since":"0001-01-01T00:00:00Z"}'

Note that the password_hash has been changed and the failed_login_count is set to 0.

The below message gets returned upon successful update.

Success! Data written to: object/config/user/admin

You should now be able to login to neuvector with the default credentials.

Updating the password in the console

Now that you’ve got into the console, you must reset the password to a more secure value.

We have a keyvault secret already which you should use as the new password.

Get the secret from the cftptl-intsvc keyvault. It is called neuvector-new-admin-password.

Go to Settings and click the Reset password button.

neuvector-user-settings

Enter the password into the reset password dialog box:

reset-password-dialog

This page was last reviewed on 24 May 2024. It needs to be reviewed again on 24 May 2025 by the page owner platops-build-notices .
This page was set to be reviewed before 24 May 2025 by the page owner platops-build-notices. This might mean the content is out of date.