Zope admin password rollover

Hi all,

What is the current practice advised by the community to change password of Zope admin ?
We would like to automate regular change of that password on our Zope instances.

Is there a utility script that I do not know of ?

Are people doing it TTW via curl or sthing else ?

Any hints welcome.

Why not just TTW manually in the browser ( /manage_main )?

Because we want to store them in Hashicorp Vault. And automate the update in dozens of Zope instances when they are changed.

We use now collective.big.bang to update zope admin password and create new fresh Plone site.

Here is code to update Zope admin password : collective.big.bang/big.py at main · collective/collective.big.bang · GitHub. Before this package we use similar code on a "instance run script".

Technically this package is called on subscriber "zope.processlifetime.IProcessStarting", so just before "Ready to handle requests" appears on logs.

The package is still in alpha version, but we used it on Plone 6 and on Plone 4. I also know this package is still perfectible

1 Like

If you Zope installations use ZEO, I would write a Python script running through a ZEO client performing the user/credentials update.

@bsuttor interesting. Can you elaborate what c.big.bang does differently/better than the plonesite buildout recipe?

@tisto we develop this for containerized Plone instances.
Indeed, c.big.bang is different of plonesite buildout recipe. At this moment, plonesite buildout recipe make more than c.big.bang can do.
Main differences are:

  • We create your image with multi-stage image to limit the size of images, and we do not have buildout installed/present into your images. Indeed zc.buildout is not needed for running Plone instance.
  • We based creation of new Plone site on environment variables, we think it's easier to use and implements on containerized app (actually, maybe it's also possible with plonesite recipe).
  • We do not have to start a command to create a Plone site, bin/instance console make the job. So creation of new Plone it's easier to deploy on your continue deployment solution.
1 Like

Plone Foundation Code of Conduct