docs: clearer masterkey, config iam admin (#3670)

Co-authored-by: Florian Forster <florian@caos.ch>

deploy/compose/docker-compose.yml

@@ -6,9 +6,8 @@ services:
     networks:
       - zitadel
     image: ghcr.io/zitadel/zitadel:v2.0.0-v2-alpha.3-amd64
-    command: admin start-from-init --masterkeyFromEnv
+    command: admin start-from-init --masterkey "MasterkeyNeedsToHave32Characters"
     environment:
-      - ZITADEL_MASTERKEY=${ZITADEL_MASTERKEY}
       - ZITADEL_DATABASE_HOST=db
       - ZITADEL_EXTERNALSECURE=false
       - ZITADEL_DEFAULTINSTANCE_CUSTOMDOMAIN=localhost

docs/docs/guides/installation/compose.mdx

@@ -1,7 +1,4 @@
 ```bash
-# Generate a master encryption key
-export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
-
 # Download the docker compose example configuration
 wget https://raw.githubusercontent.com/zitadel/zitadel/v2-alpha/deploy/compose/docker-compose.yml
 

docs/docs/guides/installation/configuration.mdx

@@ -6,11 +6,11 @@ You can overwrite these values using environment variables or configuration file
 ### Configure by environment variables
 
 Prefix the key with *ZITADEL\_*, uppercase the propery and join sections by an underscore _.
-For example, if you want to configure the cockroach admin user name and password, export these two variables.
+For example, if you want to configure the default ZITADEL IAM admin username and password, export these two variables.
 
 ```bash
-export ZITADEL_ADMINUSER_USERNAME="my_root_users_name"
-export ZITADEL_ADMINUSER_PASSWORD="my_root_users_password"
+export ZITADEL_DEFAULTINSTANCE_HUMAN_USERNAME="root"
+export ZITADEL_DEFAULTINSTANCE_HUMAN_PASSWORD="RootPassword1!"
 ```
 
 ### Configure by configuration files
@@ -21,16 +21,18 @@ Fortunately, you can pass multiple configuration files to the zitadel command.
 ```bash
 # Create a configuration file containing normal configuration
 cat << EOF > ./zitadel-config.yaml
-AdminUser:
-  Username: my_root_users_name
+DefaultInstance:
+  Human:
+    Username: root
 EOF
 
 # Create a configuration file containing secrets
 cat << EOF > ./zitadel-secrets.yaml
-AdminUser:
-  Password: "my_root_users_password"
+DefaultInstance:
+  Human:
+    Password: RootPassword1!
 EOF
 
 # Pass multiple config files using the --config argument
-zitadel admin start-from-init --masterkeyFromEnv --config ./zitadel-config.yaml --config ./zitadel-secrets.yaml
+zitadel admin start-from-init --config ./zitadel-config.yaml --config ./zitadel-secrets.yaml --masterkey "MasterkeyNeedsToHave32Characters"
 ```

docs/docs/guides/installation/linux.mdx

@@ -11,7 +11,6 @@ cockroach start-single-node --insecure --background --http-addr :9090
 
 # Configure your environment
 # Generate a master encryption key
-export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
 export ZITADEL_EXTERNALSECURE=false
 export ZITADEL_EXTERNALDOMAIN=localhost
 export ZITADEL_DEFAULTINSTANCE_CUSTOMDOMAIN=localhost
@@ -20,5 +19,5 @@ export ZITADEL_DEFAULTINSTANCE_CUSTOMDOMAIN=localhost
 curl -s https://api.github.com/repos/zitadel/zitadel/releases/tags/v2.0.0-v2-alpha.3 | grep "browser_download_url.*zitadel_.*_linux_$(dpkg --print-architecture)" | cut -d '"' -f 4 | sudo wget -i - -O /usr/local/bin/zitadel && sudo chmod +x /usr/local/bin/zitadel && sudo chown $(id -u):$(id -g) /usr/local/bin/zitadel
 
 # Run the database and application containers
-zitadel admin start-from-init --masterkeyFromEnv
+zitadel admin start-from-init --masterkey "MasterkeyNeedsToHave32Characters"
 ```

docs/docs/guides/installation/macos.mdx

@@ -11,7 +11,6 @@ cockroach start-single-node --insecure --background --http-addr :9090
 
 # Configure your environment
 # Generate a master encryption key
-export ZITADEL_MASTERKEY="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 32)"
 export ZITADEL_EXTERNALSECURE=false
 export ZITADEL_EXTERNALDOMAIN=localhost
 export ZITADEL_DEFAULTINSTANCE_CUSTOMDOMAIN=localhost
@@ -21,5 +20,5 @@ export MY_ARCHITECTURE="arm64"
 curl -s https://api.github.com/repos/zitadel/zitadel/releases/tags/v2.0.0-v2-alpha.3 | grep "browser_download_url.*zitadel_.*_darwin_${MY_ARCHITECTURE}" | cut -d '"' -f 4 | sudo wget -i - -O /usr/local/bin/zitadel && sudo chmod +x /usr/local/bin/zitadel && sudo chown $(id -u):$(id -g) /usr/local/bin/zitadel
 
 # Run the database and application containers
-zitadel admin start-from-init --masterkeyFromEnv
+zitadel admin start-from-init --masterkey "MasterkeyNeedsToHave32Characters"
 ```

docs/docs/guides/installation/openlocal.mdx

@@ -1,4 +1,5 @@
 Open your favorite internet browser and navigate to [http://localhost:8080/ui/console](http://localhost:8080/ui/console).
-Log in as default admin user:
+If you didn't configure something else, this is the default IAM admin users login:
 - **username**: *zitadel-admin@<span></span>zitadel.localhost*  
 - **password**: *Password1!*
+If you configured a different username, replace the substring zitadel-admin above by the username you configured.