2.1 KiB
Disabling the Admin Interface
:::caution Backup Reminder
Before proceeding, ensure that you have backed up important configurations, especially when making changes to configuration files or secrets. It's also advisable to back up the Vaultwarden database to prevent potential data loss.
:::
This guide is a combination of the upstream documentation and how we implemented it.
Modify the Host Secret
To start with the deactivation, you must first modify the secret on the host's shell. Execute the following command:
k3s kubectl patch secret vaultwarden-vaultwardensecret -n ix-vaultwarden --type='json' -p='[{"op": "remove", "path": "/data/ADMIN_TOKEN"}]'
:::info Command Explanation
The command above utilizes kubectl, a command-line tool for interacting with Kubernetes clusters. Here's a breakdown:
k3s: This is a lightweight version of Kubernetes.patch secret vaultwarden-vaultwardensecret: This indicates that we are patching (modifying) the secret namedvaultwarden-vaultwardensecret.-n ix-vaultwarden: This specifies the namespace (ix-vaultwarden) in which the secret resides.--type='json': Specifies that the patch content is of type JSON.-p='[{"op": "remove", "path": "/data/ADMIN_TOKEN"}]': This JSON patch instruction tells Kubernetes to remove theADMIN_TOKENfield from the secret.
:::
Update Container Config
Next, while inside the Vaultwarden container, run the command below to modify the config.json file:
sed -i.bak '/admin_token/d' /data/config.json
:::info Command Explanation
- The
sedcommand is used to search and delete the line containingadmin_tokenfrom theconfig.jsonfile. - A backup of the original
config.jsonis created with the.bakextension before making the change.
:::
Adjust the App Configuration
Finally, head to the Vaultwarden app's configuration:
- Find and disable the admin interface option (if it is still enabled).
- Click "Save" at the bottom to apply the changes.