Home / BeaverDeck / Docs / Configuration Guide / Password hashes

Generate Local Password Hashes

Permissions: generating a hash is local and needs no BeaverDeck permission. Importing it through User Management requires mode: admin; writing it directly requires Kubernetes update access to the auth Secret.

The hash command is built into BeaverDeck. Run it with the BeaverDeck container image; Docker is the only required local utility.

docker run --rm arequs/beaverdeck:latest hash-password 'your-password'

The command prints a bdk1$... value. Use that complete value as users[].password_hash in the auth configuration Secret.

Shell history: passing the password directly as a command argument can save it in your shell history. Do not use this form when you need to keep the password out of command history; the utility can read the password from standard input when the argument is omitted.