Password Security Made Easy: How We Automated Password Rotation for Magnolia CMS in Kubernetes

<p>As a certified Magnolia partner with over 20 years of experience,&nbsp;<a href="https://www.fastforward.ch/" rel="noopener ugc nofollow" target="_blank">fastforward websolutions</a>&nbsp;is hosting various&nbsp;<a href="https://www.magnolia-cms.com/" rel="noopener ugc nofollow" target="_blank">Magnolia CMS</a>&nbsp;instances in their Kubernetes clusters. For each Magnolia instance, at least one superuser exists, hence managing and in particular altering the superuser passwords manually is a tedious task. This article presents how we automated password rotation for all our Magnolia instances running in Kubernetes and how our solution integrates the&nbsp;<a href="https://bitwarden.com/" rel="noopener ugc nofollow" target="_blank">Bitwarden password manager</a>&nbsp;to automatically store those credentials.</p> <p><img alt="" src="https://miro.medium.com/v2/resize:fit:700/0*zaPl7kmqa0o8XELj" style="height:467px; width:700px" /></p> <p>Photo by&nbsp;<a href="https://unsplash.com/@towfiqu999999?utm_source=medium&amp;utm_medium=referral" rel="noopener ugc nofollow" target="_blank">Towfiqu barbhuiya</a>&nbsp;on&nbsp;<a href="https://unsplash.com/?utm_source=medium&amp;utm_medium=referral" rel="noopener ugc nofollow" target="_blank">Unsplash</a></p> <h1>Initial Setup</h1> <p>We deploy Magnolia to Kubernetes using an extension of MiroNet&rsquo;s&nbsp;<a href="https://gitlab.com/mironet/magnolia-helm" rel="noopener ugc nofollow" target="_blank">Magnolia Helm chart</a>. The chart installs Magnolia as a StatefulSet with each pod consisting of a tomcat container, in which Magnolia is running, and an additional container, in which the&nbsp;<a href="https://gitlab.com/mironet/magnolia-bootstrap" rel="noopener ugc nofollow" target="_blank">Magnolia bootstrapper</a>&nbsp;is running.<br /> It allows to initialize the Magnolia configuration through Magnolia&rsquo;s REST API, provides health check mechanisms and allows to re-enable and alter the superusers.</p> <p><a href="https://medium.com/@pascalgerig8/password-security-made-easy-how-we-automated-password-rotation-for-magnolia-cms-in-kubernetes-356831090c91"><strong>Read More</strong></a></p>
Tags: CMS Kubernetes