Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Portainer admin password in a docker-compose environment

Portainer compose deployment with admin password preset

This file aims to explain how to deploy Portainer inside a compose file with the admin password already set.

Generate the admin password

For this example, we'll use the password superpassword.

Use the following command to generate a hash for the password:

docker run --rm httpd:2.4-alpine htpasswd -nbB admin 'superpassword' | cut -d ":" -f 2

The output of that command is the hashed password, it should be something similar to $2y$05$w5wsvlEDXxPjh2GGfkoe9.At0zj8r7DeafAkXXeubs0JnmxLjyw/a.

Define the password in the compose file

If you try to use the hashed password in this form directly in your Compose file, the following error will be raised:

ERROR: Invalid interpolation format for "command" option in service "portainer": "--admin-password '$2y$05$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G'"

You need to escape each $ character inside the hashed password with another $:


Example of valid Compose file:

version: '2'

    image: portainer/portainer:latest
      - "9000:9000"
    command: --admin-password '$$2y$$05$$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G'
      - local
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer-data:/data

    driver: bridge


Output of docker-compose up:

docker-compose up                                                                                           !10023
Creating network "porcomp_local" with driver "bridge"
Creating volume "porcomp_portainer-data" with default driver
Creating porcomp_portainer_1 ... 
Creating porcomp_portainer_1 ... done
Attaching to porcomp_portainer_1
portainer_1  | 2018/03/08 01:18:37 Creating admin user with password hash $2y$05$ZBq/6oanDzs3iwkhQCxF2uKoJsGXA0SI4jdu1PkFrnsKfpCH5Ae4G
portainer_1  | 2018/03/08 01:18:37 Starting Portainer 1.16.3 on :9000

Now you can login to the Portainer instance using the credentials admin / superpassword.

Copy link

jgoerner commented May 11, 2018

Nice explanation, thanks a lot!

Is there any way to simplify that process (e.g. usage of an .env file with the unhashed password)?


Copy link

deviantony commented May 15, 2018

@jgoerner You might want to have a look at the --admin-password-file flag usage along secrets:

Copy link

eosemeyko commented Aug 10, 2018


Copy link

kevinshane commented Mar 6, 2019

Thanks man, but how to change the user admin to something else?

Copy link

winthrop-polk commented Jul 6, 2020

This doesn't seem to work anymore. I can't figure out why exactly but my best guess is that this argument needs to be after the image in the command formed but maybe isn't, I can't see the actual formed command from the compose file

When I run the following (PW: password) in the cmd it works:

docker run -d -p 9000:9000 -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock portainer/portainer --admin-password $2y$05$b0DgtG94LtpeuqEKHRYYreEf2rqBI5.4Rin.38.ENaAlL/7TeKX2q

But this fails as does all the single/double/no quote and $ escape approaches I can think of.

version: '3.8'

    restart: always
    image: "portainer/portainer:latest"
    - "9000:9000"
    - "portainer_data:/data"
    - "/var/run/docker.sock:/var/run/docker.sock"
    container_name: Managers
    command: --admin-password $$2y$$05$$b0DgtG94LtpeuqEKHRYYreEf2rqBI5.4Rin.38.ENaAlL/7TeKX2q

EDIT - SOLVED: Problem Found - "./portainer/portainer_data:/data"

Copy link

MuriloChianfa commented Nov 16, 2021

I set the admin password directly on Dockerfile!

  1. Create a script to generate your password:
$ cat <<EOF >
#!/usr/bin/env bash
if [ -z "\$1" ]; then
    echo -e "\\nPlease call '\$0 <password>' to run this command!\\n"
    exit 1
htpasswd -nb -B admin \$1 | cut -d ":" -f 2
  1. Give your permission:
chmod u+x
  1. generate your password:
./ c7e694055489cb2051195a2be1740992

Output: $2y$05$bGljp9ThZkfNaZuKvDUB3uKpXecI5SDZ6s6Xga8azv4JQUDXmHV82

  1. Put in "CMD" of the Dockerfile:
# Set fixed portainer image
FROM portainer/portainer-ce:latest

# Set default admin password at startup
CMD ["--admin-password", "$2y$05$bGljp9ThZkfNaZuKvDUB3uKpXecI5SDZ6s6Xga8azv4JQUDXmHV82"]

# Default portainer web port

Here you NOT need to be replace $ to $$!

Copy link

strgalt-t commented Feb 23, 2022

As @MuriloChianfa commented, at one point Portainers behavior changed. You no longer need to escape the $. Seeing the comment first would have saved me quite some time.

Copy link

chris-cadev commented Mar 15, 2022

The explanation is awesome.
But I try it as:

version: '3'
            - '8001:8000'
            - '9443:9443'
            - '9091:9000'
        restart: always
        command: --admin-password '$<password-encrypted>'
        container_name: portainer
            - "/var/run/docker.sock:/var/run/docker.sock"
            - "portainer_data:/data"
        image: 'portainer/portainer-ce:2.9.3'


and I got this error:

ERROR: Invalid interpolation format for "command" option in service "portainer-ce": "--admin-password '$<password-encrypted>'"

Did I do something wrong?

Copy link

chris-cadev commented Mar 15, 2022

Did I do something wrong?

I notice my error, in the encrypted for each $ we need to escape them as $$

Copy link

LostOnTheLine commented Aug 19, 2022

Thanks man, but how to change the user admin to something else?

I am having the same issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment