41

I have installed argocd on aks using the below commands:

kubectl create namespace argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml

Then I changed it to a load balancer service.

kubectl edit svc argocd-server -n argocd

Now, when I connect to the argocd web ui, I wasn't able to connect with the below credentials.

user: admin password: argocd-server-9b77b6575-ts54n

Password got from below command as mentioned in docs.

kubectl get po -n argocd
NAME                                 READY   STATUS    RESTARTS   AGE
argocd-application-controller-0      1/1     Running   0          21m
argocd-dex-server-5559bc9679-5mj4v   1/1     Running   1          21m
argocd-redis-74d8c6db65-sxbnt        1/1     Running   0          21m
argocd-repo-server-6866f58df-m59sr   1/1     Running   0          21m
argocd-server-9b77b6575-ts54n        1/1     Running   0          21m

Please suggest how to log in; what are the default credentials?

Even I tried resetting it using this command.

kubectl -n argocd patch secret argocd-secret -p '{"stringData": {
    "admin.password": "$2a$10$Ix3Pd7mywOwVWOK8eSSY0uo60V6Vf6DtZljGuLwGRHQNnWNBbOLhW",
    "admin.passwordMtime": "'$(date +%FT%T%Z)'"
  }}'

But getting this error:

Error from server (BadRequest): invalid character 's' looking for beginning of object key string
Error from server (NotFound): secrets "2021-07-08T12:59:15IST" not found
Error from server (NotFound): secrets "\n  }}" not found

13 Answers

113

You get the password by typing

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

With kubectl get pods you get the pod name, not the password. It is common that applications save the password into a Kubernetes Secret. The secret values are base64 encoded, so to update the secret it has to be valid base64: echo newpassword | base64. Although keep in mind updating the secret does not change the application password.

0
24

user: admin

To get the password, type the command below:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
6

Visit https://github.com/argoproj/argo-cd/blob/master/docs/faq.md

#bcrypt(password)=$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa
kubectl -n argocd patch secret argocd-secret \
  -p '{"stringData": {
    "admin.password": "$2a$10$rRyBsGSHK6.uc8fntPwVIuLVHgsAhAX7TcdrqW/RADU0uh7CaChLa",
    "admin.passwordMtime": "'$(date +%FT%T%Z)'"
  }}'

Your new password is "password".

1
  • missing ' at the end
    – k7k0
    Commented Sep 13, 2022 at 19:45
5

Using tools like Rancher or Lens (or OpenLens), you can see the secrets.

You may find the Argocd admin password is in an argocd-initial-admin-secret secret (at least for Argocd v2.3.3):

OpenLens : Find Argocd admin password using OpenLens

Rancher : Find Argocd admin password using Rancher

2

A solution to this (Local ArgoCD setup)👇🏼

  1. Patch secret to update password.
kubectl -n argocd patch secret argocd-secret  -p '{"data": {"admin.password": null, "admin.passwordMtime": null}}'

That will reset the password to the pod name.

  2. Restart the api-server pod. Do this by scaling the pod replica to zero and then back to one.
kubectl -n argocd scale deployment argocd-server --replicas=0

Once scaled down, make sure to scale back up and wait a few minutes before

kubectl -n argocd scale deployment argocd-server --replicas=1
  3. New password of the ArgoCD will be your api-server pod name with the numbers at the end name (kubectl -n argocd get po >> to find pod name)

i.e. login:

  • user: admin
  • pass: argocd-server-6cdb9b4b84-jvl58

That should work.

2

Initial password could also be retrieved using the argocd CLI. Related documentation

  • Install the CLI (in Mac using homebrew):
brew install argocd

Installation instructions for other platforms are here

  • Get the initial password
argocd admin initial-password -n argocd
1
  • This is definitely the best answer right now
    – Marlinc
    Commented Dec 20, 2023 at 10:17
1

You can get the password by using the following command

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

To reset password you might remove admin.password and admin.passwordMtime keys from argocd-secret and restart api server pod. Password will be reset to pod name.

kubectl patch secret argocd-secret  -p '{"data": {"admin.password": null, "admin.passwordMtime": null}}' -n argocd

Alternatively, once you log in you can change the password by using the below command from the argocd CLI

argocd account update-password
0

To change the password, edit the argocd-secret secret and update the admin.password field with a new bcrypt hash.

0

If you're running ArgoCD > 1.9 then you can reset your admin password by patching argocd-secret

kubectl -n argocd patch secret argocd-secret \
-p '{"stringData": {"admin.password": "'$(htpasswd -bnBC 10 "" <adminpwd> | tr -d ':\n' | sed 's/$2y/$2a/')'", "admin.passwordMtime": "'$(date +%FT%T%Z)'"}}'

replace <adminpwd> with your admin password.

It requires you to have htpasswd
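
An added example, not part of this answer or of Argo CD's own docs: the same htpasswd-based reset, with the password read from stdin instead of the command line and the patch written to a file, so the JSON never passes through inline shell quoting (the kind of breakage visible in the question's error output). The function names and the UTC timestamp format are choices made for this example.

```shell
# Added example: reset the Argo CD admin password without inline JSON quoting.
# Function names are hypothetical; only kubectl, htpasswd, mktemp and date are real tools.

# Succeeds only for a 60-character bcrypt string carrying the $2a$ prefix.
is_bcrypt_2a() {
  printf '%s' "$1" | grep -Eq '^\$2a\$[0-9]{2}\$[./A-Za-z0-9]{53}$'
}

# Hash the password read from stdin (cost 10) and rewrite $2y$ to $2a$,
# as the command above does. Reading stdin keeps the password out of
# the process list and shell history.
hash_password() {
  htpasswd -niBC 10 "" | tr -d ':\n' | sed 's/^\$2y\$/$2a$/'
}

# Print the JSON patch. $1 = bcrypt hash, $2 = modification time.
# The hash is validated first, so it cannot contain characters that
# would need JSON escaping.
build_patch() {
  is_bcrypt_2a "$1" || { echo "not a \$2a\$ bcrypt hash" >&2; return 1; }
  printf '{"stringData":{"admin.password":"%s","admin.passwordMtime":"%s"}}\n' "$1" "$2"
}

# Write the patch to a temporary file and hand the file to kubectl.
apply_patch() {
  local f
  f=$(mktemp) || return 1
  build_patch "$1" "$(date -u +%FT%TZ)" > "$f" &&
    kubectl -n argocd patch secret argocd-secret --patch-file "$f"
  local rc=$?
  rm -f "$f"
  return "$rc"
}

# Usage, with the new password stored in a file readable only by you:
#   apply_patch "$(hash_password < ./new-admin-password.txt)"
```

build_patch refuses anything that is not a bcrypt string, which catches the mistake of writing a plain-text or base64 value into admin.password.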

0

A Step-by-Step Guide to Resetting Admin Passwords:

Step 1: Invalidating Admin Credentials

To initiate the password reset, we start by invalidating the current admin credentials. Run the following kubectl command to patch the ArgoCD secret:

kubectl patch secret argocd-secret -n argocd -p '{"data": {"admin.password": null, "admin.passwordMtime": null}}'

This step renders the existing admin password useless, ensuring a clean slate for the upcoming password reset.


Step 2: Restarting ArgoCD Server Pods

Next, to apply the changes made in Step 1, we need to restart the ArgoCD server pods. Execute the following command to gracefully restart the pods:

kubectl delete pods -n argocd -l app.kubernetes.io/name=argocd-server

This ensures that the changes take effect and the ArgoCD server picks up the updated secret.


Step 3: Decrypting the New Password

Now that the admin credentials are reset, let’s generate a new password and decrypt it for secure access.

Run the following command to retrieve and decrypt the new password from the argocd-initial-admin-secret:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

This command fetches the base64-encoded password, decodes it, and displays the new admin password.


My Medium article: securing-argocd-a-step-by-step-guide-to-resetting-admin-passwords

0

I encountered a similar issue, and during my troubleshooting process, I discovered that despite all my ArgoCD pods being functional, the node group was facing health issues due to insufficient permissions on AWS.

Here's a step-by-step solution:

The admin is generated automatically post-deployment. However, if the node group's health is compromised, the deployment of the argocd-initial-admin-secret pod might be hindered.

Verify the health of the node group and ensure it is in a healthy state.

Ensure that both the Kubernetes cluster and the node group have the necessary permissions.

Refer to the image below for further clarification:

Node group permissions

0

This was the only thing that worked for me:

kubectl -n argocd get secret argocd-initial-admin-secret \
      -o jsonpath="{.data.password}" | base64 -d; echo
0

Method 1: You can use the one step command:

kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 --decode

Method 2: You can use the below commands:

  • You can find the default password as suggested in the Kubernetes documentation. First run the below command.

    kubectl get secret -n argocd

  • Then you will find the secret argocd-initial-admin-secret.

  • Next find the password using the below command.

    kubectl get secret -n argocd argocd-initial-admin-secret -o jsonpath='{.data}'

  • As the output, you'll get something like this. {"password":"UyFCXCpkJHpEc2I9XRMTA=="}%

  • Finally, you can decode it as below.

    echo UyFCXCpkJHpEc2I9XRMTA== | base64 --decode

Put admin as the username & decoded password as the password.

eg: username: admin, password: OxU42WMbomtL
