Skip to content
ByteBrew Engine

Admin Dashboard: Login

The Admin Dashboard is a web-based interface for managing all aspects of your ByteBrew Engine. It uses Ed25519 JWT authentication (as of Wave 1+7).

First-time Access

Section titled “First-time Access”

Navigate to http://localhost:8443/admin in your browser (adjust host/port if needed).

In local mode (default):

  • You will see a login form (username + password)
  • Create your initial admin account by entering desired credentials
  • The engine stores the user and issues an Ed25519-signed JWT token

In external mode:

  • The SPA will redirect to your landing page’s login endpoint
  • You must obtain a token from your cloud landing service
  • The token is passed via #at=<token> URL fragment

Managing Admin Users

Section titled “Managing Admin Users”

Admin users are managed via the Admin Dashboard interface (accessible after login). The bytebrew-ce admin CLI subcommand has been removed as of Wave 1+7.

To create additional admin users:

  1. Log in to the Admin Dashboard as an existing admin
  2. Navigate to Settings → Users or similar (admin-only section)
  3. Click “Create User” and enter username + password
  4. New user can immediately log in

Security Recommendations

Section titled “Security Recommendations”
  • Use a strong password — admin accounts have full control over all agents and data.
  • Ed25519 JWT signing — all tokens are signed with Ed25519 (EdDSA), not HS256. Keys are managed automatically in local mode or pre-provisioned in external mode.
  • Use HTTPS — put a reverse proxy (Caddy, nginx) in front of the engine with TLS.
  • Network isolation — restrict dashboard access to internal networks or VPN in production.
  • Token expiration — session tokens expire after 24 hours. Re-login is required after expiration.
  • Key rotation — in local mode, delete the keypair directory to rotate keys (invalidates all sessions). See docs/architecture/auth-flow.md for multi-replica rotation strategy.

Troubleshooting

Section titled “Troubleshooting”
  • Login fails — verify username and password are correct. If you lose access, create a new admin user via the Admin Dashboard login form.
  • Dashboard returns 401 after a while — your JWT token expired. Reload the page to trigger a re-login.
  • Dashboard not loading — check that port 8443 is exposed in Docker and not blocked by a firewall.
  • SPA stuck on login redirect (external mode) — ensure VITE_LANDING_URL is set correctly and the landing page’s login endpoint is accessible.

What’s next

Section titled “What’s next”