litmuschaos / litmus

Litmus helps SREs and developers practice chaos engineering in a Cloud-native way. Chaos experiments are published at the ChaosHub (https://hub.litmuschaos.io). Community notes are at https://hackmd.io/a4Zu_sH4TZGeih-xCimi3Q
https://litmuschaos.io
Apache License 2.0
4.45k stars, 698 forks

Secure By Design: No default usernames / passwords #4949

Open agardnerIT opened 1 week ago

agardnerIT commented 1 week ago

I believe Litmus Chaos should move away from a default username and password. This follows CISA's secure by design guidance, which advises against this behaviour.

I propose that, instead of the default password: litmus, a random password is generated at install time for the admin user account.
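
One way the install-time behaviour proposed above could look, as an added example that is not Litmus code and not part of the original issue. The function names, the minimum length and every rejected value other than "litmus" are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

// Alphabet without look-alike characters (0/O, 1/l/I) so the one-time
// printout can be copied by hand. 57 symbols, about 5.8 bits each.
const alphabet = "abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"

// rejected lists values that must never become the admin password.
// "litmus" is the default named in the issue; the others are constructed.
var rejected = map[string]bool{"": true, "litmus": true, "admin": true, "password": true}

// GeneratePassword returns n characters drawn uniformly from alphabet using
// the OS CSPRNG. rand.Int samples without modulo bias.
func GeneratePassword(n int) (string, error) {
	if n < 16 {
		return "", fmt.Errorf("length %d too short, want at least 16", n)
	}
	out := make([]byte, n)
	bound := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, bound)
		if err != nil {
			return "", err // never fall back to a weaker source
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// ResolveAdminPassword is a hypothetical install-time hook. An operator-supplied
// value is kept unless it is empty or a known default (case-insensitive); in
// that case a random 24-character password is generated instead.
func ResolveAdminPassword(supplied string) (pw string, generated bool, err error) {
	if !rejected[strings.ToLower(strings.TrimSpace(supplied))] {
		return supplied, false, nil
	}
	pw, err = GeneratePassword(24)
	return pw, err == nil, err
}

func main() {
	pw, generated, err := ResolveAdminPassword("litmus")
	if err != nil {
		panic(err)
	}
	fmt.Printf("generated=%v admin password (shown once): %s\n", generated, pw)
}
```

The generated value should be shown to the installer once and stored only as a salted hash, so that it does not persist in logs or manifests.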