An Open WebUI admin account controls user approval, provider settings, and server-wide options, so a lost password can block administration even when the web app still opens. A database password reset restores access to the existing admin account without removing users, chats, files, or settings.

Docker deployments keep Open WebUI account credentials in webui.db inside the data volume mounted at /app/backend/data. The reset uses a disposable Alpine repair shell to create a bcrypt hash and update the matching row in the auth table while the application container is stopped.

Use the email address already assigned to the admin account and choose a temporary strong password for first sign-in. Back up the data volume before editing webui.db, and reserve database deletion for a full reset because it removes users, settings, chat history, and stored files.

Steps to reset an Open WebUI admin password in Docker:

  1. Stop the Open WebUI application container.
    $ docker stop open-webui
    open-webui

    Replace open-webui with the actual container name if the deployment uses a different name.

  2. Open a repair shell with the Open WebUI data volume mounted at /data.
    $ docker run --rm -it -v open-webui:/data alpine sh
    / #

    Replace the volume name open-webui with the volume or bind mount used for /app/backend/data in the application container.

  3. Install htpasswd and sqlite3 inside the repair shell.
    / # apk add --no-cache apache2-utils sqlite
  4. Generate a bcrypt hash for the temporary admin password.
    / # htpasswd -bnBC 10 "" 'new-admin-password' | tr -d ':\n'
    $2y$10$3PYQ.VyV3pseEo0skLMVROya5Qi64Ccs4XnnWCoBr9F/PQrXcT2sG

    Use a new strong password and copy the generated hash from your own terminal; the sample hash is not a password to reuse.

  5. Open the Open WebUI SQLite database.
    / # sqlite3 /data/webui.db
  6. Update the admin password row and verify that the row now stores a bcrypt hash.
    sqlite> UPDATE auth
       ...> SET password='$2y$10$3PYQ.VyV3pseEo0skLMVROya5Qi64Ccs4XnnWCoBr9F/PQrXcT2sG'
       ...> WHERE email='admin@example.com';
    sqlite> SELECT email, substr(password, 1, 4) AS hash_prefix
       ...> FROM auth
       ...> WHERE email='admin@example.com';
    admin@example.com|$2y$

    Replace admin@example.com with the locked-out admin email. Paste the hash inside the sqlite3 prompt as shown; the dollar signs do not need shell escaping there.

  7. Quit sqlite3.
    sqlite> .quit
  8. Leave the repair shell.
    / # exit
  9. Start the Open WebUI application container again.
    $ docker start open-webui
    open-webui
  10. Sign in to Open WebUI with the admin email and the new password.

    Change the temporary password from the account menu after access is restored, then keep the database backup until the admin account can open Admin Panel.