As a certified Magnolia partner with over 20 years of experience, fastforward websolutions is hosting various Magnolia CMS instances in their Kubernetes clusters. For each Magnolia instance, at least one superuser exists, hence managing and in particular altering the superuser passwords manually is a tedious task. This article presents how we automated password rotation for all our Magnolia instances running in Kubernetes and how our solution integrates the Bitwarden password manager to automatically store those credentials.
Photo by Towfiqu barbhuiya on Unsplash
Initial Setup
We deploy Magnolia to Kubernetes using an extension of MiroNet’s Magnolia Helm chart. The chart installs Magnolia as a StatefulSet with each pod consisting of a tomcat container, in which Magnolia is running, and an additional container, in which the Magnolia bootstrapper is running.
It allows to initialize the Magnolia configuration through Magnolia’s REST API, provides health check mechanisms and allows to re-enable and alter the superusers.