Password Security Made Easy: How We Automated Password Rotation for Magnolia CMS in Kubernetes
<p>As a certified Magnolia partner with over 20 years of experience, <a href="https://www.fastforward.ch/" rel="noopener ugc nofollow" target="_blank">fastforward websolutions</a> is hosting various <a href="https://www.magnolia-cms.com/" rel="noopener ugc nofollow" target="_blank">Magnolia CMS</a> instances in their Kubernetes clusters. For each Magnolia instance, at least one superuser exists, hence managing and in particular altering the superuser passwords manually is a tedious task. This article presents how we automated password rotation for all our Magnolia instances running in Kubernetes and how our solution integrates the <a href="https://bitwarden.com/" rel="noopener ugc nofollow" target="_blank">Bitwarden password manager</a> to automatically store those credentials.</p>
<p><img alt="" src="https://miro.medium.com/v2/resize:fit:700/0*zaPl7kmqa0o8XELj" style="height:467px; width:700px" /></p>
<p>Photo by <a href="https://unsplash.com/@towfiqu999999?utm_source=medium&utm_medium=referral" rel="noopener ugc nofollow" target="_blank">Towfiqu barbhuiya</a> on <a href="https://unsplash.com/?utm_source=medium&utm_medium=referral" rel="noopener ugc nofollow" target="_blank">Unsplash</a></p>
<h1>Initial Setup</h1>
<p>We deploy Magnolia to Kubernetes using an extension of MiroNet’s <a href="https://gitlab.com/mironet/magnolia-helm" rel="noopener ugc nofollow" target="_blank">Magnolia Helm chart</a>. The chart installs Magnolia as a StatefulSet with each pod consisting of a tomcat container, in which Magnolia is running, and an additional container, in which the <a href="https://gitlab.com/mironet/magnolia-bootstrap" rel="noopener ugc nofollow" target="_blank">Magnolia bootstrapper</a> is running.<br />
It allows to initialize the Magnolia configuration through Magnolia’s REST API, provides health check mechanisms and allows to re-enable and alter the superusers.</p>
<p><a href="https://medium.com/@pascalgerig8/password-security-made-easy-how-we-automated-password-rotation-for-magnolia-cms-in-kubernetes-356831090c91"><strong>Read More</strong></a></p>