I ran into some issues when trying to use the medkit-config.json file, but I was eventually able to sort those out and figured I could share it here in case anyone else winds up in a similar situation.
I inspected the commit medkit-initial-config: add new package (22a86f40) · Commits · Turris / Turris OS / Turris OS packages · GitLab and noticed that it gives you the option to also configure the system password (for the root user):
(this option has not been documented yet in the “First setup of Turris Omnia and Mox without Ethernet LAN”)
After I flashed the Turris Omnia, I was able to connect to the TurrisConfigWifi network using the WiFiPassword_ChangeThis! password, but I was not able to log into the reForis with the ForisPassword_ChangeThis!. Luckily, I was still able to log with ssh to email@example.com and the SystemPassword_ChangeThis! password.
In the SSH, I ran my foris_password through the python encryption routine and used the resulting string
# this returns an ENCRYPTED_PASSWORD (use it for uci set below)
uci set foris.auth.password =‘ENCRYPTED_PASSWORD’
uci commit foris.auth.password
From then on, I was able to log in to reForis.
So while it seems that there is a bug in the new feature which reads the Foris password from the JSON, you can get around it by using the undocumented feature of also setting the system password in the JSON and fixing the foris.auth.password UCI value from within an SSH root session.