How the UUID is used as a salt to bcrypt passwords?


I am trying to overwrite new passwords with an Ansible playbook in the core_user table. I understand the UUID is used as a salt for bcrypt, but the Ansible library ( is expecting only 22 alphanumeric characters for the salt.
I don’t understand the Clojure code very well. What is it done by Clojure for the UUID to be a valid bcrypt salt?



I got the same problem. I checked Metabase's source code and i found the solution.

In core_user table, there is a "password_salt" column that is an UUID (for example f9999305-8a58-5713-be98-ae123b456789).

You have to concatenate it with the new password, for example "superPwd".

Then use BCrypt "hashpw()" function with a salt generated by BCrypt "gensalt()" function.

With java we'd get with our example values : BCrypt.hashpw("f9999305-8a58-5713-be98-ae123b456789superPwd",BCrypt.gensalt())

Copy paste the result of hashpw() function into the columen user_core.password and that's all.