scriptos/keywarden
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

feat: add CLI password reset command (docker exec reset-password)

Browse Source
This commit is contained in:
Patrick Asmus
2026-04-05 22:17:46 +02:00
parent 0fcd99a191
commit 68777a5516
5 changed files with 282 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
docs/admin-guide.md
View File

@@ -246,3 +246,29 @@ Send a test email to verify SMTP configuration.
### Backup & Restore
See [Backup & Restore](backup-restore.md) for details.
## CLI Commands
Keywarden provides CLI commands for administrative tasks that can be run via `docker exec`.
### Password Reset
Reset a user's password when they are locked out or have forgotten it:
```bash
docker exec -it keywarden ./keywarden reset-password --username <name>
```
This generates a new random password, prints it to the terminal, and forces the user to change it on next login. The account lockout counter is also cleared.
To additionally disable MFA (e.g. when the user lost their TOTP device):
```bash
docker exec -it keywarden ./keywarden reset-password --username <name> --reset-mfa
```
### Help
```bash
docker exec -it keywarden ./keywarden help
```

16
docs/troubleshooting.md
View File

@@ -27,12 +27,13 @@ Common issues and solutions for Keywarden.
**Solutions**:
- Check the very first startup logs: `docker compose logs keywarden`
- If you missed the password, delete the database and restart to trigger a fresh setup:
- Reset the password via CLI command (no restart needed):
```bash
docker compose down
docker volume rm keywarden_keywarden_data
docker compose up -d
docker compose logs keywarden
docker exec -it keywarden ./keywarden reset-password --username admin
```
- If MFA is also lost, add `--reset-mfa`:
```bash
docker exec -it keywarden ./keywarden reset-password --username admin --reset-mfa
```
## Login Issues
@@ -50,7 +51,10 @@ Common issues and solutions for Keywarden.
**Solutions**:
- Wait for the lockout period to expire (default: 15 minutes)
- Ask an administrator to unlock the account from the user management page
- If you're the only owner: wait for the lockout to expire, or delete and recreate the database
- If you're the only owner: reset your password via CLI (this also clears lockout):
```bash
docker exec -it keywarden ./keywarden reset-password --username admin
```
### MFA Code Invalid