[Feature request] Support configuring initial credentials via environment variables #17319
Description
Search before asking
- I searched in the issues and found nothing similar.
Motivation
When deploying IoTDB in a containerized or orchestrated environment (e.g. Kubernetes), there is currently no way to set the initial user credentials through environment variables. The only documented approach is to start the server with default credentials, manually connect, and run:
ALTER USER root SET PASSWORD 'newpwd';
This is impractical for automated deployments where manual intervention is not an option.
Requested behavior:
The entrypoint/startup scripts should check for the presence of environment variables — for example IOTDB_USER and IOTDB_PASSWORD — and, if set, apply those credentials automatically on first startup. This would allow orchestration tools (Helm charts, Docker Compose, etc.) to inject credentials via secrets without requiring a manual post-deploy step.
Use case:
- name: IOTDB_USER
valueFrom:
secretKeyRef:
name: iotdb-secret
key: iotdb-user
- name: IOTDB_PASSWORD
valueFrom:
secretKeyRef:
name: iotdb-secret
key: iotdb-password
In a Kubernetes Helm chart, we inject IOTDB_USER and IOTDB_PASSWORD into the pod spec from a Secret:
The environment variables are present inside the container, but IoTDB ignores them entirely. The server starts with the default root/root credentials regardless.
Solution
If IOTDB_USER and IOTDB_PASSWORD are set, the startup scripts should apply them (e.g. by running the equivalent of ALTER USER root SET PASSWORD ...) so the instance is ready to use with the desired credentials without manual intervention.
Alternatives
No response
Are you willing to submit a PR?
- I'm willing to submit a PR!