From 195e3e39dff2ff4e846ec5f221a4a7420de44bdf Mon Sep 17 00:00:00 2001 From: Alex-Welsh Date: Wed, 8 Jan 2025 10:42:35 +0000 Subject: [PATCH] Fix dangerous wazuh secrets templating --- etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 b/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 index 583c1efa4..8294edec7 100644 --- a/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 +++ b/etc/kayobe/ansible/templates/wazuh-secrets.yml.j2 @@ -3,12 +3,12 @@ # Store these securely and use lookups here secrets_wazuh: # Wazuh agent authd pass - authd_pass: "{{ secrets_wazuh.authd_pass | default(lookup('password', '/dev/null'), true) }}" + authd_pass: '{{ secrets_wazuh.authd_pass | default(lookup("password", "/dev/null"), true) }}' # Strengthen default wazuh api user pass wazuh_api_users: - username: "wazuh" - password: "{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}" + password: '{{ secrets_wazuh.wazuh_api_users[0].password | default(lookup("community.general.random_string", min_lower=1, min_upper=1, min_special=1, min_numeric=1, length=30, override_special=override_special_characters)) }}' # OpenSearch 'admin' user pass - opendistro_admin_password: "{{ secrets_wazuh.opendistro_admin_password | default(lookup('password', '/dev/null'), true) }}" + opendistro_admin_password: '{{ secrets_wazuh.opendistro_admin_password | default(lookup("password", "/dev/null"), true) }}' # OpenSearch 'kibanaserver' user pass - opendistro_kibana_password: "{{ secrets_wazuh.opendistro_kibana_password | default(lookup('password', '/dev/null'), true) }}" + opendistro_kibana_password: '{{ secrets_wazuh.opendistro_kibana_password | default(lookup("password", "/dev/null"), true) }}'