Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Portainer admin password in a docker-compose environment

Portainer compose deployment with admin password preset

This file aims to explain how to deploy Portainer inside a compose file with the admin password already set.

Generate the admin password

For this example, we'll use the password superpassword.

Use the following command to generate a hash for the password:

docker run --rm httpd:2.4-alpine htpasswd -nbB admin 'superpassword' | cut -d ":" -f 2

The output of that command is the hashed password, it should be something similar to $2y$05$w5wsvlEDXxPjh2GGfkoe9.At0zj8r7DeafAkXXeubs0JnmxLjyw/a.

Define the password in the compose file

If you try to use the hashed password in this form directly in your Compose file, the following error will be raised:

ERROR: Invalid interpolation format for "command" option in service "portainer": "--admin-password '$2y$05$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G'"

You need to escape each $ character inside the hashed password with another $:

$$2y$$05$$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G

Example of valid Compose file:

version: '2'

services:
  portainer:
    image: portainer/portainer:latest
    ports:
      - "9000:9000"
    command: --admin-password '$$2y$$05$$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G'
    networks:
      - local
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data

networks:
  local:
    driver: bridge

volumes:
  portainer-data:

Output of docker-compose up:

docker-compose up                                                                                           !10023
Creating network "porcomp_local" with driver "bridge"
Creating volume "porcomp_portainer-data" with default driver
Creating porcomp_portainer_1 ... 
Creating porcomp_portainer_1 ... done
Attaching to porcomp_portainer_1
portainer_1  | 2018/03/08 01:18:37 Creating admin user with password hash $2y$05$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G
portainer_1  | 2018/03/08 01:18:37 Starting Portainer 1.16.3 on :9000

Now you can login to the Portainer instance using the credentials admin / superpassword.

@jgoerner
Copy link

jgoerner commented May 11, 2018

Nice explanation, thanks a lot!

Is there any way to simplify that process (e.g. usage of an .env file with the unhashed password)?

Best
Joshua

@deviantony
Copy link
Author

deviantony commented May 15, 2018

@jgoerner You might want to have a look at the --admin-password-file flag usage along secrets: http://portainer.readthedocs.io/en/stable/configuration.html#inside-a-file

@eosemeyko
Copy link

eosemeyko commented Aug 10, 2018

Thanks!

@kevinshane
Copy link

kevinshane commented Mar 6, 2019

Thanks man, but how to change the user admin to something else?

@winthrop-polk
Copy link

winthrop-polk commented Jul 6, 2020

This doesn't seem to work anymore. I can't figure out why exactly but my best guess is that this argument needs to be after the image in the command formed but maybe isn't, I can't see the actual formed command from the compose file

When I run the following (PW: password) in the cmd it works:

docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --admin-password $2y$05$b0DgtG94LtpeuqEKHRYYreEf2rqBI5.4Rin.38.ENaAlL/7TeKX2q
8599d1d2f92cffbfd9a419ad4307c1e98d29990ce16c95f82a6737410d34e84c

But this fails as does all the single/double/no quote and $ escape approaches I can think of.

version: '3.8'

services:
  MGMT:
    restart: always
    image: "portainer/portainer:latest"
    ports:
    - "9000:9000"
    volumes:
    - "portainer_data:/data"
    - "/var/run/docker.sock:/var/run/docker.sock"
    container_name: Managers
    command: --admin-password $$2y$$05$$b0DgtG94LtpeuqEKHRYYreEf2rqBI5.4Rin.38.ENaAlL/7TeKX2q
volumes:
  portainer_data:

EDIT - SOLVED: Problem Found - "./portainer/portainer_data:/data"

@MuriloChianfa
Copy link

MuriloChianfa commented Nov 16, 2021

I set the admin password directly on Dockerfile!

  1. Create a script to generate your password:
$ cat <<EOF > portainer-pass.sh
#!/usr/bin/env bash
    
if [ -z "\$1" ]; then
    echo -e "\\nPlease call '\$0 <password>' to run this command!\\n"
    exit 1
fi
    
htpasswd -nb -B admin \$1 | cut -d ":" -f 2
EOF
  1. Give your permission:
chmod u+x portainer-pass.sh
  1. generate your password:
./portainer-pass.sh c7e694055489cb2051195a2be1740992

Output: $2y$05$bGljp9ThZkfNaZuKvDUB3uKpXecI5SDZ6s6Xga8azv4JQUDXmHV82

  1. Put in "CMD" of the Dockerfile:
# Set fixed portainer image
FROM portainer/portainer-ce:latest

# Set default admin password at startup
CMD ["--admin-password", "$2y$05$bGljp9ThZkfNaZuKvDUB3uKpXecI5SDZ6s6Xga8azv4JQUDXmHV82"]

# Default portainer web port
EXPOSE 9443

Here you NOT need to be replace $ to $$!

@strgalt-t
Copy link

strgalt-t commented Feb 23, 2022

As @MuriloChianfa commented, at one point Portainers behavior changed. You no longer need to escape the $. Seeing the comment first would have saved me quite some time.

@chris-cadev
Copy link

chris-cadev commented Mar 15, 2022

The explanation is awesome.
But I try it as:

version: '3'
services:
    portainer-ce:
        ports:
            - '8001:8000'
            - '9443:9443'
            - '9091:9000'
        restart: always
        command: --admin-password '$<password-encrypted>'
        container_name: portainer
        volumes:
            - "/var/run/docker.sock:/var/run/docker.sock"
            - "portainer_data:/data"
        image: 'portainer/portainer-ce:2.9.3'

volumes:
  portainer_data:

and I got this error:

ERROR: Invalid interpolation format for "command" option in service "portainer-ce": "--admin-password '$<password-encrypted>'"

Did I do something wrong?

@chris-cadev
Copy link

chris-cadev commented Mar 15, 2022

Did I do something wrong?

I notice my error, in the encrypted for each $ we need to escape them as $$

@LostOnTheLine
Copy link

LostOnTheLine commented Aug 19, 2022

Thanks man, but how to change the user admin to something else?

I am having the same issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment