Are you getting “Invalid username or password” while trying to log in to ArgoCD as admin?
In this article, I’ll walk you through the process of resetting the ArgoCD admin password.
Whether you’ve forgotten the ArgoCD admin password or need to update it for security reasons, these clear instructions will help you get back in control.
Cool Tip: Forcefully delete a stuck ArgoCD application! Read more →
Reset ArgoCD Admin Password
While trying to log in to ArgoCD as admin you may get the “Invalid username or password” error:
$ argocd login <ARGOCD_URL> --username admin --password ******* --skip-test-tls --grpc-web
- sample output -
time="" level=fatal msg="rpc error: code = Unauthenticated desc = Invalid username or password"
To reset the ArgoCD admin password it is required to delete the values of admin.password and admin.passwordMtime that are stored as K8s secret object argocd-secret in the namespace in which ArgoCD is installed (default argocd):
$ kubectl patch secret argocd-secret \
-p '{"data": {"admin.password": null, "admin.passwordMtime": null}}'
- sample output -
secret/argocd-secret patched
Restart ArgoCD server to generate the new admin password:
$ kubectl rollout restart deployment.apps/argocd-server
- sample output -
deployment.apps/argocd-poc-server restarted
The new admin password will be saved as argocd-initial-admin-secret object, that can be retrieved as follows:
$ kubectl get secret argocd-initial-admin-secret \
-o jsonpath="{.data.password}" | base64 -d
- sample output -
RCUmfqHpZrwHXUUt
Log into ArgoCD using the new admin password:
$ argocd login <ARGOCD_URL> --username admin --password ******* --skip-test-tls --grpc-web
- sample output -
'admin:login' logged in successfully
Context '<ARGOCD_URL>' updated
To change the ArgoCD admin password, execute:
$ argocd account update-password
- sample output -
*** Enter password of currently logged in user (admin):
*** Enter new password for user admin:
*** Confirm new password for user admin:
Password updated
Context '<ARGOCD_URL>' updated
⚠️ Warning! ArgoCD stores only bcrypt-ed hashes of the passwords. So if the password is lost – it cannot be recovered. You will only be able to reset it.