Review Last Modified value of Terraform Enterprise Built-in Administrator Password

Avatar
Ilker van den Berg
  • Updated

Introduction

This article describes how to retrieve the last modified date of the built-in administrator password in Terraform Enterprise by querying its internal PostgreSQL database.

Problem

The last modified date for the built-in administrator account's password is not available in the Terraform Enterprise UI or through the API.

Prerequisites

  • Administrative access to the underlying infrastructure hosting the Terraform Enterprise instance (e.g., SSH access to the host machine or kubectl access to the Kubernetes cluster).

Procedure

Follow these steps to connect to the database and retrieve the password's last modified timestamp.

Step 1: Connect to the PostgreSQL Database

Choose the set of commands that matches your Terraform Enterprise installation type.

For Replicated (Non-Consolidated) Installations

Connect to the tfe-atlas container and then connect to the database.

$ sudo docker exec -ti tfe-atlas /bin/bash
$ psql $DATABASE_URL

For Replicated (Consolidated) Installations

Connect to the terraform-enterprise container and use the full database connection string.

$ sudo docker exec -ti terraform-enterprise /bin/bash
$ psql postgres://$TFE_DATABASE_USER:$TFE_DATABASE_PASSWORD@$TFE_DATABASE_HOST/$TFE_DATABASE_NAME?$TFE_DATABASE_PARAMETERS

For Flexible Deployment Option (FDO) on Docker

Connect to the terraform-enterprise-tfe-1 container and use the full database connection string.

$ docker exec -ti terraform-enterprise-tfe-1 bash
$ psql postgres://$TFE_DATABASE_USER:$TFE_DATABASE_PASSWORD@$TFE_DATABASE_HOST/$TFE_DATABASE_NAME?$TFE_DATABASE_PARAMETERS

For Flexible Deployment Option (FDO) on Kubernetes

First, identify the Terraform Enterprise pod name.

$ kubectl get pods -n terraform-enterprise
## NAME                                  READY   STATUS    RESTARTS   AGE
## terraform-enterprise-bcc6bbb9f-9qqkj    1/1     Running   0          14m

Next, connect to the pod and then connect to the database.

$ kubectl exec --stdin --tty terraform-enterprise-bcc6bbb9f-9qqkj -n terraform-enterprise -- /bin/bash
$ psql postgres://$TFE_DATABASE_USER:$TFE_DATABASE_PASSWORD@$TFE_DATABASE_HOST/$TFE_DATABASE_NAME?$TFE_DATABASE_PARAMETERS

Step 2: Query the User Information

After connecting to the database, run the following SQL query. Replace <USERNAME> with the actual username of the administrator account.

select email, username, reset_password_token, created_at, updated_at from rails.users where username='<USERNAME>';

Outcome

The query returns several columns for the specified user. The updated_at column contains the timestamp indicating when the user's record, including the password, was last modified.

Additional Information

  • For more details on managing Terraform Enterprise, please refer to the official administration documentation.

Articles in this section

See more

Related articles