Merge pull request #1442 from stackhpc/wazuh-secrets
Fix dangerous wazuh secrets templating
Alex-Welsh authored Jan 9, 2025
2 parents d397cbd + 195e3e3 commit 63ef66f
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions etc/kayobe/ansible/templates/wazuh-secrets.yml.j2
Expand Up @@ -3,12 +3,12 @@
# Store these securely and use lookups here
secrets_wazuh:
# Wazuh agent authd pass
authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}"
authd_pass: '{{ secrets_wazuh.authd_pass | default(lookup("password", "/dev/null"), true) }}'
# Strengthen default wazuh api user pass
wazuh_api_users:
- username: "wazuh"
password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}"
password: '{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup("community.general.random_string", min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}'
# OpenSearch 'admin' user pass
opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}"
opendistro_admin_password: '{{ secrets_wazuh.opendistro_admin_password | default(lookup("password", "/dev/null"), true) }}'
# OpenSearch 'kibanaserver' user pass
opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}"
opendistro_kibana_password: '{{ secrets_wazuh.opendistro_kibana_password | default(lookup("password", "/dev/null"), true) }}'
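Review bot: The `wazuh_api_users[0].password` line calls `default(...)` without the second argument `true` that the other three secrets pass, so an existing value that is defined but empty is kept rather than replaced by a generated one. If that is not intended, end the expression with `override_special=override_special_characters), true) }}` so the Wazuh API user cannot be left with an empty password. Separately, each rendered secret lands inside a quoted YAML scalar, so a value containing the enclosing quote character would still yield broken or altered YAML. `override_special_characters` is defined outside this section, so, assuming the single-quoted lines are the new side, a comment such as `# override_special_characters must not contain a single quote` above `secrets_wazuh:` would record that constraint.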
