Add CLI reset-password command documentation #41

Open
renehonig wants to merge 2 commits into chirpstack:master from smartwatt:master

@renehonig

Add CLI reset-password command documentation

Summary

This PR adds documentation for the new reset-password CLI command that was implemented to address security concerns from issue #588.

Changes

Modified Files

  • chirpstack-docs/src/chirpstack/use/cli-commands.md - Added comprehensive documentation for the reset-password command including:
    • Command usage and options
    • Multiple input methods (interactive, file, stdin)
    • Security considerations
    • Password requirements (NIST 800-63b compliant)

Documentation Preview

reset-password

Reset a user's password without API access. This command is useful for:

  • Initial setup of fresh installations
  • Automated deployment scripts
  • Recovery from forgotten passwords

Usage:

chirpstack --config /etc/chirpstack reset-password --email <EMAIL> [OPTIONS]

Options:

| Option | Description |
|---|---|
| -e, --email <EMAIL> | User email address (required) |
| -p, --password-file <FILE> | Path to file containing new password |
| --stdin | Read password from stdin |

Examples:

# Interactive password reset
chirpstack --config /etc/chirpstack reset-password -e admin@example.com

# Password from file
chirpstack --config /etc/chirpstack reset-password -e admin@example.com -p /tmp/pw.txt

# Password from stdin (recommended for scripts)
echo "SecurePassword123" | chirpstack --config /etc/chirpstack reset-password -e admin@example.com --stdin

Security Notes

  • Uses PBKDF2-SHA512 with 1 iteration (same as existing authentication)
  • NIST 800-63b compliant password validation (8-128 characters)
  • Maximum 128 character length to prevent DoS attacks
  • Interactive prompts mask password input
  • Password files should have chmod 600 permissions

Testing

The documentation was validated by:

  • Verifying all example commands are syntactically correct
  • Confirming security considerations match implementation
  • Ensuring password requirements align with the rpassword crate validation

Copilot AI review requested due to automatic review settings January 28, 2026 23:12

Copilot AI left a comment

Pull request overview

This PR introduces dedicated documentation for the new chirpstack reset-password CLI command and wires it into the docs navigation and changelog so users can discover and use it for secure password management.

Changes:

  • Added chirpstack/use/cli-commands.md documenting CLI usage, with a focus on the new reset-password command and its security implications.
  • Updated the ChirpStack changelog with a v4.17.0 entry describing the new CLI feature and linking to the CLI documentation.
  • Linked the new CLI commands page from the main SUMMARY.md navigation under “Use”.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| src/chirpstack/use/cli-commands.md | New CLI commands overview, including detailed reset-password usage, options, examples, and security considerations. |
| src/chirpstack/changelog.md | Adds v4.17.0 “CLI reset-password command” feature entry and points readers to the CLI commands doc. |
| src/SUMMARY.md | Adds the “CLI commands” page to the “Use” section so the new documentation is discoverable. |

Additional suggestion (non-blocking): If the chirpstack --help output has been updated to include reset-password, import-device-profiles, and migrate-device-profile-templates, consider updating the CLI snippet in src/chirpstack/configuration.md in a follow-up so the inline help example stays in sync with the actual binary.


- Replace 'echo cleartext | ...' examples with read -rs and secrets manager
  patterns to avoid shell history exposure
- Change stdin label from 'recommended for scripts' to 'pipeline use'
- File method is now recommended for scripts, consistent with the security table
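
A sketch of the file-based handoff that the commit message above and the PR's "Password files should have chmod 600 permissions" note point to, as an added example that is not part of the PR or of ChirpStack: it creates the password file with mode 600, rejects files that are symlinks, have wider permissions or fall outside the 8-128 length, and only then calls reset-password with the -p option shown in the PR. The function names and the CHIRPSTACK_BIN variable are hypothetical, and treating trailing newlines as not part of the password is an assumption.

```shell
#!/bin/sh
# Added example: validate a password file before handing it to reset-password.
# CHIRPSTACK_BIN and the function names are hypothetical, not ChirpStack options.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create a mode-600 temp file from stdin and print its path.
# Feed it from a secrets manager or a silent prompt, so the password
# never appears as a literal in a command line or in shell history.
new_password_file() (
    umask 077
    f=$(mktemp) || exit 1
    cat > "$f" || exit 1
    printf '%s\n' "$f"
)

# Return 0 only if the file is a regular file (not a symlink), has mode 600,
# and holds 8-128 characters (the limits quoted in the PR).
# Assumption: trailing newlines are not part of the password.
check_password_file() (
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; exit 1; }
    mode=$(file_mode "$f")
    [ "$mode" = "600" ] || { echo "mode is $mode, expected 600: $f" >&2; exit 1; }
    pw=$(cat "$f")    # $(...) strips trailing newlines
    len=${#pw}        # counts bytes in some shells, characters in others
    [ "$len" -ge 8 ] && [ "$len" -le 128 ] || { echo "length $len outside 8-128" >&2; exit 1; }
)

# Run the reset with the file method once the checks pass.
# $1 = user email, $2 = password file.
reset_password_from_file() {
    check_password_file "$2" || return 1
    "${CHIRPSTACK_BIN:-chirpstack}" --config /etc/chirpstack reset-password -e "$1" -p "$2"
}
```

Remove the password file once the reset has succeeded.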