[vinckr]

if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."

[bogomipblips]

Since docker/k8s I've started to encounter containers that just start with a default user and no password. The Cuckoo's Egg was published in 1989. Choose a random password if you don't have one and print it to the console.