Easysearch automatically creates an admin user through the user.yml configuration file during initialization. The default configuration appears as follows:

admin:
  hash: "$2y$12$mA9DDk7iOBQA3u.Ebc0QSOVKsgwlkm6OJcrEcpyrTrT5M5It86usq"
  reserved: true
  external_roles:
    - "admin"
  description: "Default administrator account"

Two approaches exist to resetting this password: modifying the configuration file or utilizing the user management API.

Configuration File Method

Edit the user.yml file and replace the hash value with a new one:

admin:
  hash: "$2y$12$lszyO4fy25WKClSMZj7lIuQUse2UGuWBof1L1jL0qoXz6S5Yt/RS2"
  reserved: true
  external_roles:
    - "admin"
  description: "Default administrator account"

The hash value represents the bcrypt-encrypted password. Generate a new hash using the bin/hash_password.sh -p "your_plaintext_password" command.

After modifying user.yml, you must delete the .security system index and restart the cluster to regenerate it. Direct operations on .security require admin certificates due to its protected status.

Admin certificates (admin.crt and admin.key) are generated in the config directory when running bin/initialize.sh. Use these certificates to delete the .security index, then restart all cluster nodes to apply changes.

Note: In multi-node deployments, ensure all nodes share identical user.yml configurations and restart every node.

API Method

Since the admin user has reserved: true set, password resets must be performed with higher-privilege admin certificates through the user API. Refer to the official documentation for detailed API operations.

Comparison

The API method is recommended for password resets due to its simplicity and reduced operational risk.