1.28 update - Argon Admin page warning

Hey, firstly thanks for the 1.28 update to latest image!

Updated fine today, and changed to using Argon for KDF, and so far so good…
however, in the logs I see:

[NOTICE] You are using a plain text ADMIN_TOKEN which is insecure.
Please generate a secure Argon2 PHC string by using vaultwarden hash or argon2.

So I ran:
docker exec -it vaultwarden /vaultwarden hash --preset owasp

which gave me the output:
ADMIN_TOKEN='$argon2id$v=19$m=19456,t=2,p=REMOVEDTHISTEXT'

I updated my stack, firstly directly in the code, to:
ADMIN_TOKEN: '$argon2id$v=19$m=19456,t=2,p=REMOVEDTHISTEXT'

But I'm still prompted that the token is in plain text, so I then hashed out that line and added it as an env variable, but it still prompts "[NOTICE] You are using a plain text ADMIN_TOKEN which is insecure."

P.S. In between each step I have redeployed the stack (Portainer/Docker).

Do I also have to put this string in the actual admin page too? (I notice it's yellow, so overriding.)

P.S. I have also tried changing all 5 $ to $$ in the line (and redeployed), but it still says insecure.

You have probably used the Admin Interface before to save settings (as the background of the token is yellow, which is described at the top of the page).

That means there is a config.json file which will overrule all ENV variables.
If you copy/paste that string into that field there, and save via the Admin Interface that should do the trick.

Thanks, just to be sure before I break it!
Do I add the whole line in:
ADMIN_TOKEN='$argon2id$v=19$m=19456,t=2,p=REMOVEDTHISTEXT'
or just the:
'$argon2id$v=19$m=19456,t=2,p=REMOVEDTHISTEXT'

(Also, does it matter here about the double $$ signs?)

Thank you!

Only what is between the quotes. And no need to add double $ signs.

Perfect, thanks, that worked fine!

Thanks again for all your work.
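
The two points settled in the replies above (a token saved via the Admin Interface in config.json overrules the ENV value, and only the bare string between the quotes is pasted, with single $ signs), as an added Python example that is not part of the thread or Vaultwarden's own code. The `admin_token` key name in config.json, the function names and the sample PHC string are assumptions made for illustration.

```python
import json
import re

# Argon2 PHC layout: $argon2id$v=19$m=<KiB>,t=<passes>,p=<lanes>$<salt>$<hash>
# (salt and hash are unpadded base64).
PHC_RE = re.compile(
    r"^\$argon2(?:id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+"
    r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"
)

# Constructed sample, not a real hash: m and t as in the thread, the rest made up.
SAMPLE_PHC = ("$argon2id$v=19$m=19456,t=2,p=1"
              "$Y29uc3RydWN0ZWRzYWx0$Y29uc3RydWN0ZWRoYXNodmFsdWVmb3JkZW1v")


def normalize_pasted_token(raw: str) -> str:
    """Reduce a pasted `vaultwarden hash` output line to the bare value."""
    value = raw.strip()
    if value.startswith("ADMIN_TOKEN="):
        value = value[len("ADMIN_TOKEN="):]
    # Drop straight or typographic quotes picked up while copying.
    value = value.strip("'\"\u2018\u2019\u201c\u201d")
    # "$$" is the Compose-file escape for a literal "$"; undo it everywhere else.
    return value.replace("$$", "$")


def is_argon2_phc(value: str) -> bool:
    return PHC_RE.match(value) is not None


def effective_admin_token(env_value, config_json_text):
    """Return (source, token); a token saved in config.json overrules ENV."""
    if config_json_text:
        saved = json.loads(config_json_text).get("admin_token")  # assumed key name
        if saved:
            return "config.json", saved
    return "env", env_value


def plain_text_notice(env_value, config_json_text) -> bool:
    """True when the token actually in effect is not an Argon2 PHC string."""
    _, token = effective_admin_token(env_value, config_json_text)
    return not is_argon2_phc(token or "")
```
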