Conversation

@bcmmbaga
Contributor

Describe your changes

Issue ticket number and link

Stack

Checklist

  • Is it a bug fix
  • Is a typo/documentation fix
  • Is a feature enhancement
  • It is a refactor
  • Created tests that fail without the change (if possible)

By submitting this pull request, you confirm that you have read and agree to the terms of the Contributor License Agreement.

Documentation

Select exactly one:

  • I added/updated documentation for this change
  • Documentation is not needed for this change (explain why)

Docs PR URL (required if "docs added" is checked)

Paste the PR link from https://github.com/netbirdio/docs here:

https://github.com/netbirdio/docs/pull/__

@bcmmbaga bcmmbaga marked this pull request as ready for review September 11, 2025 17:12
Copilot AI review requested due to automatic review settings September 11, 2025 17:12
Contributor

Copilot AI left a comment

Pull Request Overview

This PR adds functionality to remove the default zitadel-admin user during the Zitadel deployment script initialization process. This appears to be a security enhancement to clean up default administrative accounts after deployment.

  • Adds a new function delete_default_zitadel_admin to search for and delete the default admin user
  • Integrates the deletion step into the existing init_zitadel function workflow

@mlsmaycon mlsmaycon merged commit cf7f6c3 into main Sep 11, 2025
38 checks passed
@mlsmaycon mlsmaycon deleted the remove-default-zitadel-admin-user branch September 11, 2025 19:20

@stevo11811 stevo11811 left a comment

So, we kind of skimmed over the fact that anyone who used the getting-started-with-zitadel script could have an insecure admin account exposed. Understandably, this is the user's responsibility, but a note should be created stating that the account should be removed.

@mlsmaycon
Collaborator

So, we kind of skimmed over the fact that anyone who used the getting-started-with-zitadel script could have an insecure admin account exposed. Understandably, this is the user's responsibility, but a note should be created stating that the account should be removed.

We are working on it. We need to check the impact and since when Zitadel has had this setting enabled.

@CERT-PL-CNA

We have reserved CVE-2025-10678 for that vulnerability. We will publish the full CVE entry shortly.

@mlsmaycon
Collaborator

mlsmaycon commented Sep 19, 2025

We have reserved CVE-2025-10678 for that vulnerability. We will publish the full CVE entry shortly.

@CERT-PL-CNA Why publish without discussing with us?

We are still working with some folks.

lixmal pushed a commit that referenced this pull request Sep 19, 2025
* Delete default zitadel-admin user during initialization

Signed-off-by: bcmmbaga <[email protected]>

* Refactor

Signed-off-by: bcmmbaga <[email protected]>

---------

Signed-off-by: bcmmbaga <[email protected]>
5 participants