Skip to content

[Feature Request]: Make users change default admin passwords and secrets for production deployments. #974

New issue
New issue
Open
Feature
Open
[Feature Request]: Make users change default admin passwords and secrets for production deployments.#974
Feature
Assignees
Nayana-R-Gowda
Labels
enhancementNew feature or requesttriageIssues / Features awaiting triage
Milestone
Release 0.9.0
@terylt

Description

@terylt
terylt
opened on Sep 12, 2025

🧭 Type of Feature

Please select the most appropriate category:

  • Enhancement to existing functionality
  • New feature or capability
  • New MCP-compliant server
  • New component or integration
  • Developer tooling or test improvement
  • Packaging, automation and deployment (ex: pypi, docker, quay.io, kubernetes, terraform)
  • Other (please describe below)

🧭 Epic

Title: Force users to change passwords/secrets on first use of MCP CF
Goal: The goal is to prevent users from deploying the gateway with default passwords and tokens that could become a security risk. Unfortunately, there are many stories of servers being hacked due to default passwords or tokens and we should try to prevent this proactively.
Why now: As MCP Context Forge is used by more people, there will be more opportunities for the system to be deployed with default passwords.

🙋♂️ User Story 1

As a: Security Administrator
I want: the Context Forge to request the user to set a different password and secret on startup, and it won't start without it changed.
So that: the administrative account isn't vulnerable to attacks where folks know the default password.

✅ Acceptance Criteria

Scenario: On MCP CF startup.
  The gateway logs an error message to the user that the password and secret must be changed before running.  We could have a "development" mode which lets the user run the server, but warns them even on startup.  However, I think forcing the user to change it would be best for security.

🔗 MCP Standards Check

  • Change adheres to current MCP specifications
  • No breaking changes to existing MCP-compliant integrations
  • If deviations exist, please describe them below:

🔄 Alternatives Considered

List any alternative designs, existing workarounds, or rejected ideas.

As mentioned above, we could have multiple modes. A developer mode that lets the user maintain the current password/secrets but also warns every time it starts not to use the default in production.

We could also force the user to change the password when first trying to log into the UI.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requesttriageIssues / Features awaiting triage

Type

Feature

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions