Allow user to set default user passwords

Open msavy opened this issue 3 years ago • 2 comments

  • Could also consider randomising admin and apimanager passwords if no default is provided?
  • Could consider setting password as temporary/require reset?

msavy, May 10 '22 10:05

I would change this in the KC (of course only in the setups we ship with KC) so that we force a user to change the password after first login. Note: This was already present in a downstream version of apiman and a lot of people complained as this is an additional step if you do development.

volkflo, May 11 '22 07:05

We could allow setting the passwords explicitly (can do it via the Keycloak REST API + Apiman API). That would follow the typical pattern you see in docker images of allowing a password to be set via env var, otherwise randomise and print to console.

e.g. (names purely for example)

APIMAN_ADMIN_PASSWORD=(if not set, is randomised)
APIMAN_MANAGER_PASSWORD=(if not set, is randomised)

I guess instead of launching Apiman directly we'd just have a script in Shell/JBang/Ruby or whatever, and we'd do any special actions there. Would require multiple things to be running though, which will be interesting. It definitely works, though.

BTW, apimanager creds are stored in Apiman's DB, so that it can talk from Apiman -> Gateway (without necessarily needing to be KC; could just be BASIC or something). Randomising that would be good so that it's always different even for a default setup. Would just need to ensure it's consistent (i.e. the script needs to speak to KC + Apiman).

msavy, May 11 '22 09:05
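
The "env var, otherwise randomise and print to console" pattern from the comment above, as an added example that is not part of the thread or of apiman-docker. The variable names are the thread's example names; the function names `gen_password`, `resolve_password` and `kc_credential_json` are hypothetical, and the JSON fields are those of Keycloak's credential representation, where `temporary` is the "require reset" option raised in the issue.

```shell
#!/bin/sh
# Added illustration of an entrypoint wrapper; not apiman-docker code.

# 128 bits from the kernel CSPRNG, hex-encoded (32 characters).
gen_password() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# $1 = variable name (used for logging only), $2 = value from the environment.
# Prints the password to use on stdout; status messages go to stderr so the
# value can be captured with $(...). A supplied password is never logged.
resolve_password() {
    if [ -n "$2" ]; then
        echo "$1: using password supplied via environment" >&2
        printf '%s' "$2"
    else
        pw=$(gen_password)
        echo "$1 not set; generated password: $pw" >&2
        printf '%s' "$pw"
    fi
}

# Build the JSON body for a Keycloak password reset.
# $1 = password, $2 = true|false (force a change at first login).
# Escapes backslash and double quote only; control characters are not handled.
kc_credential_json() {
    esc=$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')
    printf '{"type":"password","value":"%s","temporary":%s}' "$esc" "$2"
}

# Resolve each password exactly once, before anything is started.
APIMAN_ADMIN_PASSWORD=$(resolve_password APIMAN_ADMIN_PASSWORD "${APIMAN_ADMIN_PASSWORD:-}")
APIMAN_MANAGER_PASSWORD=$(resolve_password APIMAN_MANAGER_PASSWORD "${APIMAN_MANAGER_PASSWORD:-}")

# The same $APIMAN_MANAGER_PASSWORD must then be written to both Keycloak and
# Apiman, so the stored Apiman -> Gateway credential matches what KC accepts.
# Those API calls are omitted here because they need the services running.
ADMIN_BODY=$(kc_credential_json "$APIMAN_ADMIN_PASSWORD" false)
```

A generated password ends up in the container log, so a deployment that keeps or ships logs should set the variables explicitly.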