Seeding & Bootstrap
Seeding & Bootstrap
Seeding creates the super admin account and the default workspace that every Message Center instance requires. The seed command is idempotent — re-running it is safe.
What Seeding Does
Running make seed performs the following steps:
- Runs all pending database migrations (same as
make migrate). - Creates or updates the super admin user with
is_super_admin: true. - Creates the default workspace if it does not exist.
- Creates an
adminmembership linking the super admin to the default workspace.
Super Admin Account
Configuration
| Env var | Default | Description |
|---|---|---|
SEED_SUPER_ADMIN_EMAIL | admin@example.com | Login email for the super admin |
SEED_SUPER_ADMIN_NAME | Super Admin | Display name |
SEED_SUPER_ADMIN_PASSWORD | (auto-generated) | Password — auto-generated if empty or shorter than 8 chars |
Password auto-generation
If SEED_SUPER_ADMIN_PASSWORD is empty or too short, the seed script generates a 16-character alphanumeric password (~96 bits of entropy). It then:
- Writes the password back to
.envasSEED_SUPER_ADMIN_PASSWORD=<value>so subsequent re-runs are stable. - Prints the credentials in a banner at the end of output.
If you set SEED_SUPER_ADMIN_PASSWORD explicitly before seeding, that value is used as-is.
Passwords are hashed with bcrypt (cost factor 12) and stored in users.password_hash. The plaintext is never persisted beyond .env.
Credentials banner
════════════════════════════════════════════════════════════════════════
✅ SUPER ADMIN READY — log in at:
URL: http://localhost:3000
Email: admin@example.com
Password: aBcD1234eFgH5678
🔐 Password was auto-generated and saved to /path/to/.env.
Change it via the UI after first login (Settings → Account).
════════════════════════════════════════════════════════════════════════
Default Workspace
| Env var | Default | Description |
|---|---|---|
SEED_DEFAULT_WORKSPACE_SLUG | main | URL slug for the default workspace |
SEED_DEFAULT_WORKSPACE_NAME | Main | Display name |
The super admin receives an admin role membership in the default workspace.
Running Seed
Development
make seed
Docker (first time only)
docker run --env-file .env core-admin yarn seed
Kubernetes (first time only)
kubectl run -it --rm seed \
--image=<your-registry>/core-admin:latest \
--restart=Never \
-- yarn seed
Pass environment variables via a Secret reference or --env flags.
Production Docker Compose
make prod-seed
Re-running Seed
Seed is safe to re-run at any time:
- If the super admin user already exists, only
password_hashandis_super_adminare updated —_idandcreated_atare preserved. - If the default workspace and membership already exist, they are left unchanged.
Common re-seed use cases:
- Reset a forgotten super admin password: set
SEED_SUPER_ADMIN_PASSWORD=<new>in.env, thenmake seed. - Promote a different email to super admin: change
SEED_SUPER_ADMIN_EMAIL, thenmake seed.
After First Login
- Open the URL printed in the credentials banner.
- Sign in with the super admin email and password.
- Go to Settings → Account and set a strong, unique password.
- Create additional workspaces and invite your team.
Next Steps
- Kubernetes Deployment — full Kubernetes production setup
- Environment Variables Reference — complete environment variable reference including seed vars