Best practice for auto-configuration

Hello,

Currently, I’m using CFTs and Ansible to spin up a Nexus stack (Nginx reverse proxy and S3 bucket). Once the stack is up, it is momentarily exposed to malicious attacks since the admin password is the default admin123 (until I change it).

What are the best practices in this case? Ideally, Nexus would have a CLI that would allow me to, at the very least, reset/change a password. (Beyond that, it would be great to do other configurations, like creating blobs or setting up repos.)

In the case of the admin password, I know there’s a “How To”, but it seems a bit complex since it requires going into the OrientDB. Also, I think it only resets the password to admin123.

What are the best practices here? Is there a tool I’m missing?

Thanks,

Ryan