Skip to content
LyftData Docs

Reset an Admin Password

Use this runbook when the admin password is lost and you cannot sign in through the normal login flow.

What this guide does

LyftData does not currently provide a self-service “forgot password” flow on the login page. Password reset is an operator task.

  • If another admin can still sign in, use the UI to set a new password for the affected user.
  • If no admin session remains, reset the built-in admin account from the server host by restarting the service once with --reset-admin-password and a new LYFTDATA_ADMIN_INIT_PASSWORD.

Before you start

  • Choose a strong replacement password.
  • Admin passwords must be at least 12 characters and include:
    • one uppercase character
    • one lowercase character
    • one digit
  • Identify your server host, service name, environment file, and binary path.

Two common layouts are:

  • Documentation install example:
    • service: lyftdata-server
    • env file: /etc/default/lyftdata-server
    • binary: /usr/sbin/lyftdata
  • Reverse-proxied production install:
    • service: lyftdata
    • env file: /etc/lyftdata/lyftdata.env
    • binary: /opt/lyftdata/current/bin/lyftdata

The steps below use the second layout. Substitute your own paths if your installation differs.

Fast path when another admin can still sign in

If another admin session is available:

  1. Sign in to the UI with that working admin account.
  2. Open Settings > Users.
  3. Edit the affected user and set a new password.
  4. Sign out and confirm the updated password works from a fresh login screen.

Use the host-side reset only when no working admin session remains.

Break-glass reset on Linux (systemd)

1. Connect to the host and stage a new password

Terminal window
ssh <server-host>
sudoedit /etc/lyftdata/lyftdata.env

Add or update:

LYFTDATA_ADMIN_INIT_PASSWORD=YourNewStrongPass123

2. Add a one-restart systemd override

Create a runtime-only override for the service:

Terminal window
sudo systemctl edit --runtime lyftdata

Paste:

[Service]
ExecStart=
ExecStart=/opt/lyftdata/current/bin/lyftdata run server --bind-address 127.0.0.1:3000 --disable-tls --reset-admin-password

This keeps the normal service definition intact and adds the reset flag for the next restart only.

3. Restart the service

Terminal window
sudo systemctl restart lyftdata
sudo systemctl status lyftdata --no-pager

At startup, LyftData deletes and recreates the built-in admin user using the password from LYFTDATA_ADMIN_INIT_PASSWORD.

4. Sign in with the new password

Open the normal server URL and log in again as admin.

For example, if your installation is reverse-proxied behind a public hostname, log in at that normal server URL.

Examples:

  • https://lyftdata.example.com
  • https://localhost:3000

If sign-in still fails, inspect the service logs:

Terminal window
sudo journalctl -u lyftdata -n 100 --no-pager

Common causes are:

  • the new password does not meet the admin password policy
  • the service override was not applied
  • the environment file was edited incorrectly

5. Remove the temporary reset configuration

Once you have confirmed the new password works:

Terminal window
sudo systemctl revert lyftdata
sudoedit /etc/lyftdata/lyftdata.env

Remove the temporary LYFTDATA_ADMIN_INIT_PASSWORD value unless you intentionally keep it in your service configuration.

Then restart back onto the normal service definition:

Terminal window
sudo systemctl restart lyftdata

Adapt this to another install

If you followed the generic Linux install guide instead of the reverse-proxied production layout above, swap the service/env/binary values:

  • service: lyftdata-server
  • env file: /etc/default/lyftdata-server
  • binary: /usr/sbin/lyftdata

The reset pattern stays the same:

  1. Set LYFTDATA_ADMIN_INIT_PASSWORD in the service environment file.
  2. Restart once with --reset-admin-password.
  3. Verify login.
  4. Remove the temporary reset settings.