From 26869ab93c2bd7a33ad952553eac52ae8aa3e55d Mon Sep 17 00:00:00 2001 From: Rafal Lewandowski Date: Tue, 18 Nov 2025 10:19:19 +0100 Subject: [PATCH 1/4] moved secrets config above wazuh manager config --- doc/source/configuration/wazuh.rst | 43 +++++++++++++++--------------- 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/doc/source/configuration/wazuh.rst b/doc/source/configuration/wazuh.rst index dd1a7615dc..ff1af332cd 100644 --- a/doc/source/configuration/wazuh.rst +++ b/doc/source/configuration/wazuh.rst @@ -205,6 +205,27 @@ Reinstall the role if required: ``kayobe control host bootstrap`` +Secrets +------- + +Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates. +Wazuh secrets playbook is located in ``$KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml``. +Running this playbook will generate and put pertinent security items into secrets +vault file which will be placed in ``$KAYOBE_CONFIG_PATH/deployment/wazuh-secrets.yml``. +If using environments it ends up in ``$KAYOBE_CONFIG_PATH/environments//deployment/wazuh-secrets.yml`` +Remember to encrypt! + +Wazuh secrets template is located in ``$KAYOBE_CONFIG_PATH/ansible/templates/wazuh-secrets.yml.j2``. +It will be used by wazuh secrets playbook to generate wazuh secrets vault file. + + +.. code-block:: console + + kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml + +.. note:: Use ``ansible-vault`` to view the secrets: + + ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/deployment/wazuh-secrets.yml`` Edit the playbook and variables to your needs: @@ -242,28 +263,6 @@ You may need to modify some of the variables, including: You'll need to run ``wazuh-manager.yml`` playbook again to apply customisation. -Secrets -------- - -Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates. -Wazuh secrets playbook is located in ``$KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml``. -Running this playbook will generate and put pertinent security items into secrets -vault file which will be placed in ``$KAYOBE_CONFIG_PATH/deployment/wazuh-secrets.yml``. -If using environments it ends up in ``$KAYOBE_CONFIG_PATH/environments//deployment/wazuh-secrets.yml`` -Remember to encrypt! - -Wazuh secrets template is located in ``$KAYOBE_CONFIG_PATH/ansible/templates/wazuh-secrets.yml.j2``. -It will be used by wazuh secrets playbook to generate wazuh secrets vault file. - - -.. code-block:: console - - kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml - -.. note:: Use ``ansible-vault`` to view the secrets: - - ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/deployment/wazuh-secrets.yml`` - Configure Wazuh Dashboard's Server Host --------------------------------------- From 94b012435d20f71796d6d7b4d64b69da785e75a7 Mon Sep 17 00:00:00 2001 From: Rafal Lewandowski Date: Tue, 18 Nov 2025 10:29:23 +0100 Subject: [PATCH 2/4] typo --- doc/source/configuration/wazuh.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/source/configuration/wazuh.rst b/doc/source/configuration/wazuh.rst index ff1af332cd..d106f2ea34 100644 --- a/doc/source/configuration/wazuh.rst +++ b/doc/source/configuration/wazuh.rst @@ -208,7 +208,7 @@ Reinstall the role if required: Secrets ------- -Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates. +Wazuh requires that secrets or passwords are set for itself and the services with which it communicates. Wazuh secrets playbook is located in ``$KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml``. Running this playbook will generate and put pertinent security items into secrets vault file which will be placed in ``$KAYOBE_CONFIG_PATH/deployment/wazuh-secrets.yml``. From 5d553d259dc3b8605c13e1a838ebbfa9f3bb7fa7 Mon Sep 17 00:00:00 2001 From: Rafal Lewandowski Date: Tue, 25 Nov 2025 15:40:44 +0100 Subject: [PATCH 3/4] removed command irrelevant to procedure --- doc/source/configuration/wazuh.rst | 4 ---- 1 file changed, 4 deletions(-) diff --git a/doc/source/configuration/wazuh.rst b/doc/source/configuration/wazuh.rst index d106f2ea34..0fa285743b 100644 --- a/doc/source/configuration/wazuh.rst +++ b/doc/source/configuration/wazuh.rst @@ -223,10 +223,6 @@ It will be used by wazuh secrets playbook to generate wazuh secrets vault file. kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml -.. note:: Use ``ansible-vault`` to view the secrets: - - ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/deployment/wazuh-secrets.yml`` - Edit the playbook and variables to your needs: Wazuh manager configuration From 253d6185777bb5c37a13f5f0edaff18323ad3c6c Mon Sep 17 00:00:00 2001 From: Rafal Lewandowski Date: Tue, 25 Nov 2025 23:19:44 +0100 Subject: [PATCH 4/4] removed correct line --- doc/source/configuration/wazuh.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/doc/source/configuration/wazuh.rst b/doc/source/configuration/wazuh.rst index 0fa285743b..5d2162d9fa 100644 --- a/doc/source/configuration/wazuh.rst +++ b/doc/source/configuration/wazuh.rst @@ -223,7 +223,9 @@ It will be used by wazuh secrets playbook to generate wazuh secrets vault file. kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml -Edit the playbook and variables to your needs: +.. note:: Use ``ansible-vault`` to view the secrets: + + ``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/deployment/wazuh-secrets.yml`` Wazuh manager configuration ---------------------------