As part of the 3.17.0 release, we’ve made a few changes to help administrators of new Nexus Repository Manager instances start out on the right foot.
New instances will now generate a random password and save it to the data (e.g. sonatype-work/nexus3) directory, which is a significant change. This will ensure that the first user to access the instance as admin is the instance owner.
After retrieving the password from the file and logging in, the administrator will then be presented with a new on-boarding workflow which will assist them in changing the password.
Additionally, the administrator will be prompted to choose whether anonymous access should be enabled.
For users who wish to deploy instances programmatically, we’ve also added a new REST API endpoint which can be used to set a user’s password. This endpoint could be used by a script to change the admin users password after reading the generated one from the file.
The new admin default settings for Nexus Repository Manager delivers enhanced safety for a secure, single source of truth to store and manage binaries and build artifacts.