Teleport create resource user no option for password


#1

Ported from issue 2531

Wondering if this could be an option.

When standing up a stack often we’ll want to drop a sort of “devops/admin” user down on the stack (when not using a connector) with some sort of default password.

Although I can run:
tctl create --force user.yml

I cannot set a manual password. I am required to follow the invite token and set a pw in the UI.

So about the best option i’ve got for scripting is physically writing the invite url to file and later connecting to the machine with ansible to return the output of said file to ansible debug/output. so the user can follow the link and login to the newly created teleport stack.

What do you guys think? Am I missing something.


#2

Instead of having unattended or super-admin users, we recommend using SSH certificates for automation. You can create a cron-job or any other automation job periodically publishes certificates to some secret storage to be later consumed by robot bots.

Let me know if that’s helpful, otherwise we can continue discussing possible options here.