Seeding Initial Users After Deployment
This guide explains how to automatically create initial admin users when deploying to production.
How It Works​
The application includes an auto-seeding service that runs on startup and creates an initial admin user if one doesn't exist.
Key Features:
- âś… Safe to run in production (only creates users if they don't exist)
- âś… Runs automatically on application startup
- âś… Configurable via environment variables
- âś… Can be disabled when not needed
Setup for Dokploy​
Step 1: Enable Auto-Seed​
Add these environment variables to your API application in Dokploy:
# Enable automatic user seeding
ENABLE_AUTO_SEED=true
# Admin user credentials (REQUIRED)
SEED_ADMIN_EMAIL=admin@emtb.consulting
SEED_ADMIN_PASSWORD=YourSecurePassword123!
Step 2: Deploy​
Once you add these variables and redeploy, the application will:
- Start up normally
- Check if an admin user exists with the email
SEED_ADMIN_EMAIL - If NOT exists → Create the admin user
- If exists → Skip (no action)
Step 3: Login & Change Password​
After first deployment:
-
Login with the seeded credentials:
- Email:
admin@emtb.consulting(or whatever you set) - Password:
YourSecurePassword123!
- Email:
-
Immediately change the password in the application
-
(Optional) Disable auto-seed by setting
ENABLE_AUTO_SEED=false
Environment Variables Reference​
| Variable | Required | Default | Description |
|---|---|---|---|
ENABLE_AUTO_SEED | Yes | false | Set to true to enable auto-seeding |
SEED_ADMIN_EMAIL | No | admin@emtb.consulting | Email for the initial admin user |
SEED_ADMIN_PASSWORD | No | ChangeMe123! | Password for the initial admin user |
Security Best Practices​
✅ DO:​
- Use a strong, unique password for
SEED_ADMIN_PASSWORD - Change the password immediately after first login
- Use a real email address you control for
SEED_ADMIN_EMAIL - Disable auto-seed (
ENABLE_AUTO_SEED=false) after initial setup
❌ DON'T:​
- Don't use weak passwords like "password123"
- Don't commit these credentials to git
- Don't share the initial password with anyone
- Don't leave auto-seed enabled indefinitely
Manual Seeding (Development Only)​
For local development, you can use the manual seed script:
# From project root
cd apps/api
NODE_ENV=development pnpm run seed:users
This script:
- Only runs in development mode (safety check)
- Creates 3 test users: ADMIN, MANAGER, CLIENT
- Shows credentials in a formatted table
- Skips users that already exist
Test Users Created:
- Admin:
ayoub.hidri+emtb-admin@gmail.com/EmtbAdmin2024! - Manager:
ayoub.hidri+emtb-manager@gmail.com/EmtbManager2024! - Client:
ayoub.hidri+emtb-client@gmail.com/ClientEmtb2024!
Troubleshooting​
Auto-seed not working?​
Check logs in Dokploy:
- Go to API application
- Click "Logs" tab
- Look for messages like:
[SeedService] Starting automatic user seeding...
[SeedService] âś… Created initial admin user: admin@emtb.consulting
If you see:
Auto-seed disabled→ CheckENABLE_AUTO_SEED=trueis setAdmin user already exists→ User was already created (this is normal)Failed to create initial admin user→ Check database connection and logs
Can't login with seeded credentials?​
-
Verify credentials are correct:
- Check environment variables in Dokploy
- Passwords are case-sensitive
-
Check if user exists in database:
- Use database management tool to verify user was created
- Check the
userstable
-
Database connection issues:
- Verify API can connect to PostgreSQL
- Check database credentials in environment variables
Want to reset and recreate admin user?​
Option 1: Delete from database
DELETE FROM users WHERE email = 'admin@emtb.consulting';
Then redeploy the API.
Option 2: Use different email
Change SEED_ADMIN_EMAIL to a new email address and redeploy.
Example: Complete Dokploy Setup​
Here's a complete example of environment variables for your API application:
# Database
POSTGRES_HOST=emtb-db-s0tqyd
POSTGRES_PORT=5432
POSTGRES_DB=emtb
POSTGRES_USER=emtb_user
POSTGRES_PASSWORD=your-db-password
# JWT
JWT_SECRET=your-jwt-secret
JWT_REFRESH_SECRET=your-refresh-secret
JWT_EXPIRES_IN=1h
JWT_REFRESH_EXPIRES_IN=7d
# API
PORT=3001
NODE_ENV=production
HUSKY=0
TYPEORM_SYNCHRONIZE=false
# CORS
CORS_ORIGIN=https://app.emtb.consulting
# Email (Brevo)
BREVO_API_KEY=your-brevo-key
BREVO_SENDER_EMAIL=noreply@emtb.consulting
BREVO_SENDER_NAME=EMTB Consulting
# Auto-Seed (⬇️ ADD THESE)
ENABLE_AUTO_SEED=true
SEED_ADMIN_EMAIL=admin@emtb.consulting
SEED_ADMIN_PASSWORD=SuperSecurePassword123!
After adding these variables, click "Redeploy" and the admin user will be created automatically!
FAQ​
Q: Will this create duplicate users on every deployment? A: No! The service checks if the user exists first. If it exists, it skips creation.
Q: Can I seed multiple users?
A: Currently only one admin user is seeded automatically. You can modify seed.service.ts to add more users if needed.
Q: What happens if I change SEED_ADMIN_EMAIL after the user is created?
A: The service will create a NEW admin user with the new email. The old one remains.
Q: Can I use this for test/staging environments?
A: Yes! Just set ENABLE_AUTO_SEED=true in those environments too.
Q: Should I keep auto-seed enabled forever?
A: It's safe to keep it enabled, but you can disable it after initial setup if you prefer (ENABLE_AUTO_SEED=false).
Need help? Check the API logs in Dokploy for detailed seeding information!