⚠️ Change on first login. These are provisioned defaults. The customer must change the password immediately after first login.

Default Admin Account

FieldValue
Emailadmin@castlecheckers.com
PasswordAdmin@2026
Password Hashda004d5ed0e3915f754d8b79ba29c078aa4190a5d9e2d7bcd4188755fb9fb741
Hash AlgorithmPBKDF2-SHA256, 100,000 iterations, salt = SONAN_SP_2026
Admin Portal URLcaretaker-portal.pages.dev/admin

Changing the Password

Option 1: Via Admin Settings (UI)

  1. Log in to the admin portal
  2. Go to Settings → Security
  3. Enter current password and new password
  4. Save — calls PATCH /api/settings/password, re-hashes and updates D1

Option 2: Direct D1 Update (Wrangler)

Generate hash with Python:

import hashlib, binascii
password = "YourNewPassword"
salt = "SONAN_SP_2026"
dk = hashlib.pbkdf2_hmac('sha256', password.encode(), salt.encode(), 100000)
print(binascii.hexlify(dk).decode())

Apply via Wrangler (run from Windows terminal):

cd E:\Claude_Projects\sonan-trackers\caretaker-portal-Claude\caretaker-portal
npx wrangler d1 execute caretaker_db --env castlecheckers --remote --command   "UPDATE admins SET password_hash = '<new_hash>' WHERE email = 'admin@castlecheckers.com'"

Session Tokens

PropertyValue
StoragelocalStorage key cc_admin_token
FormatHMAC-SHA256 JWT
TTL24 hours
Signing keyCloudflare Worker secret JWT_SECRET

To rotate the signing key (invalidates all active sessions):

npx wrangler secret put JWT_SECRET --env castlecheckers