Configuration file using docker to change passlib to argon2

I am running 7.4 and trying to update to 7.6.
Migration — Tryton Documentation says to make sure to enable argon2 and update old passwords by logging in.
But it doesn’t say how to do so.
I found that you must use a configuration file: Configuration file — Tryton server
I found that the file is /etc/trytond.conf

Can somebody tell me what to write in the file, please?
I wrote:

[web]
listen = 0.0.0.0:8000
root = /var/lib/trytond/www

[password]
passlib = argon2

but now the container won’t start anymore.

This is the section I followed:

The value must be a path to the INI file as explained in the documentation.

Sorry, you are not helping at all.
Thanks for the answer though.


OpenAI’s o3 helped me find the solution, which I will share for others.
Assuming you are already on a working Tryton 7.4 setup.
You will have to adapt to your variables.

Create a trytond.conf file somewhere on your host.
In my case it’s Windows 10 and I put the file in D:\docker
Inside trytond.conf you want at least these sections (you can have more):

[password]
hash_algorithm = argon2

[web]
listen = 0.0.0.0:8000
root = /var/lib/trytond/www

Delete the existing tryton container.

Then in PowerShell run this command with the variables adjusted for your setup:

docker run --name tryton --env DB_HOSTNAME=tryton_postgres --env DB_PASSWORD=XXXXXXX --env TRYTOND_CONFIG=/etc/trytond.conf --mount source=tryton_data,target=/var/lib/trytond/db --mount type=bind,source=D:\docker\trytond.conf,target=/etc/trytond.conf,readonly --network tryton_network --publish 127.0.0.1:8000:8000 --detach tryton/tryton:7.4

This way you pass the trytond.conf you created to the new tryton container.

Then, to change and convert the admin password, enter:

docker exec --env TRYTOND_DATABASE_URI="postgresql://postgres:password@tryton_postgres:5432/tryton_database" -it tryton trytond-admin -c /etc/trytond.conf -d tryton_database --password

You can’t use the same password in order to use the new hash.
I used the UI to change the password of the other accounts.
I suppose you could use the UI to create the new password for admin but I did not try.


  • To check how many accounts are not yet on argon2 you can use in PowerShell:

docker exec -i tryton_postgres psql -U postgres -d tryton_database -c "SELECT COUNT(*) AS remaining FROM res_user WHERE password_hash !~ '^\`$argon2';"

  • To check the names of the remaining accounts to convert to argon2 you can use in PowerShell:

docker exec -i tryton_postgres psql -U postgres -d tryton_database -c "SELECT login FROM res_user WHERE password_hash !~ '^\`$argon2';"
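A per-scheme breakdown of the same check, as an added example that is not part of the original post. It assumes `login|password_hash` lines (the format `psql -At` prints for `SELECT login, password_hash FROM res_user`); the sample rows are constructed, with fake salts and digests.

```python
from collections import defaultdict

# Constructed sample rows ("login|password_hash"); salts and digests are fake.
SAMPLE = """\
admin|$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$ZmFrZWRpZ2VzdA
alice|$2b$12$abcdefghijklmnopqrstuuFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKE
bob|$pbkdf2-sha512$25000$c2FsdA$ZmFrZQ
carol|$argon2i$v=19$m=512,t=2,p=2$c2FsdA$ZmFrZQ
dave|
"""

def scheme_of(password_hash):
    """Return the modular-crypt scheme id (text between the first two '$')."""
    if not password_hash:
        return "none"        # NULL or empty column: no local password set
    parts = password_hash.split("$")
    if len(parts) < 3 or parts[0] != "":
        return "unknown"     # not in $scheme$... form
    return parts[1]

def argon2_params(password_hash):
    """Parse m (KiB), t (passes) and p (lanes) from an encoded argon2 hash."""
    costs = next(f for f in password_hash.split("$") if f.startswith("m="))
    return {k: int(v) for k, v in (kv.split("=") for kv in costs.split(","))}

def audit(text):
    """Group logins by scheme and list those not yet on an argon2 variant."""
    by_scheme = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        login, _, pw_hash = line.rpartition("|")  # hashes never contain '|'
        by_scheme[scheme_of(pw_hash)].append(login)
    remaining = sorted(login for scheme, logins in by_scheme.items()
                       if scheme != "none" and not scheme.startswith("argon2")
                       for login in logins)
    return dict(by_scheme), remaining

if __name__ == "__main__":
    groups, remaining = audit(SAMPLE)
    for scheme, logins in sorted(groups.items()):
        print(f"{scheme:15} {logins}")
    print("still to convert:", remaining)
    print("admin costs:", argon2_params(SAMPLE.splitlines()[0].split("|")[1]))
```

Parsing the cost fields also shows accounts that are on argon2 but with low parameters, such as the constructed `carol` row.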

I also got stuck on this point.
At the end of the day, all I needed to do was change the password using the UI, and the default hash algorithm was argon2. The tricky bit was the wording "update the password by logging in". I guess I am used to "change the password", but you can change the password to the same password as the old one, and then it would not be changing the password, it would be updating it :)