# Update admin credentials in MySQL

Passwords are stored in the `plg_user_credentials` table (bcrypt hashes). The app uses the same database as your `alf_authority` data.

## Option 1: Generate SQL with the script (recommended)

From the project root:

```bash
# Interactive: prompts for username (default admin) and password
python scripts/update_admin_password_mysql.py

# With arguments
python scripts/update_admin_password_mysql.py --username admin --password 'YourNewPassword'
```

The script prints a single MySQL statement. Run it against your app database, for example:

```bash
mysql -h localhost -P 3306 -u YOUR_DB_USER -p YOUR_DB_NAME -e "INSERT INTO plg_user_credentials ..."
```

Or paste the printed SQL into your MySQL client (e.g. MySQL Workbench, DBeaver, or `mysql` interactive).

## Option 2: Raw MySQL if you already have a bcrypt hash

If you have a bcrypt hash (60 chars, e.g. `$2b$12$...`):

```sql
-- Set or update password for user 'admin'
INSERT INTO plg_user_credentials (username, password_hash)
  VALUES ('admin', '$2b$12$YourBcryptHashHere...')
ON DUPLICATE KEY UPDATE password_hash = VALUES(password_hash);
```

To generate a valid hash you must use the same algorithm as the app (bcrypt via passlib). Easiest is Option 1.

## Table and database

- **Table:** `plg_user_credentials`
- **Columns:** `username` (VARCHAR 255, primary key), `password_hash` (VARCHAR 255)
- **Database:** The same MySQL database as `alf_authority` (e.g. from your `.env`: `DB_NAME`)

The user must already exist in `alf_authority` (e.g. created by `create_admin_user.py` or via the admin UI). This table only stores the password; the username is the same as `alf_authority.authority` for users.