Set admin password via conjurctl

[h-artzi]

Is your feature request related to a problem? Please describe.

I was deploying Conjur in a Fargate cluster. To create the first account I utilized conjurctl account create <name>. This provides the api key for the admin user of this account. Currently, I am retrieving the api key from the logs. However, I am looking for a more secure method to retrieve the admin user's api key.

Describe the solution you would like

I would like to see a command such as conjurctl account create where I can set the password for the admin user. It will create a more user-friendly and secure solution to retrieving/setting the admin user's credentials.

After running conjurctl account create <name> <password> I will be able to use the provided password to authenticate with Conjur.

Describe alternatives you have considered

Options I have considered:

1. Output the api key to the logs
   • Not secure
2. change the password via REST API
   • A potential solution but not very user-friendly. It complicates the bash that is executed on every instance upon instantiation. However, there is a benefit that the event is audited.
3. Write to a file and SSH into the container
   • I do not want to enable users to SSH into the Fargate instances

[rafis3]

Thanks for raising this enhancement idea @h-artzi! What do you think about also supporting getting the password from STDIN, so that the user could supply it without making it visible in the command line?

[h-artzi]

Thanks for bringing this up! I am planning on allowing the user to either provide the password via a file or STDIN.