Skip to content

Wazuh procedure improvement #1987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 6 commits into from
Nov 27, 2025
+20 −23
Merged

Wazuh procedure improvement #1987

Changes from 1 commit
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
26869ab
moved secrets config above wazuh manager config
g0rgamesh Nov 18, 2025
94b0124
typo
g0rgamesh Nov 18, 2025
5d553d2
removed command irrelevant to procedure
g0rgamesh Nov 25, 2025
253d618
removed correct line
g0rgamesh Nov 25, 2025
c5f58fe
Merge branch 'stackhpc/2025.1' into doc_update
g0rgamesh Nov 26, 2025
3c00fd8
Merge branch 'stackhpc/2025.1' into doc_update
g0rgamesh Nov 27, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 21 additions & 22 deletions doc/source/configuration/wazuh.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -205,6 +205,27 @@ Reinstall the role if required:

``kayobe control host bootstrap``

Secrets
-------

Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates.
Wazuh secrets playbook is located in ``$KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml``.
Running this playbook will generate and put pertinent security items into secrets
vault file which will be placed in ``$KAYOBE_CONFIG_PATH/deployment/wazuh-secrets.yml``.
If using environments it ends up in ``$KAYOBE_CONFIG_PATH/environments/<env_name>/deployment/wazuh-secrets.yml``
Remember to encrypt!

Wazuh secrets template is located in ``$KAYOBE_CONFIG_PATH/ansible/templates/wazuh-secrets.yml.j2``.
It will be used by wazuh secrets playbook to generate wazuh secrets vault file.


.. code-block:: console

kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml

.. note:: Use ``ansible-vault`` to view the secrets:

``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/deployment/wazuh-secrets.yml``

Edit the playbook and variables to your needs:

Expand Down Expand Up @@ -242,28 +263,6 @@ You may need to modify some of the variables, including:

You'll need to run ``wazuh-manager.yml`` playbook again to apply customisation.

Secrets
-------

Wazuh requires that secrets or passwords are set for itself and the services with which it communiticates.
Wazuh secrets playbook is located in ``$KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml``.
Running this playbook will generate and put pertinent security items into secrets
vault file which will be placed in ``$KAYOBE_CONFIG_PATH/deployment/wazuh-secrets.yml``.
If using environments it ends up in ``$KAYOBE_CONFIG_PATH/environments/<env_name>/deployment/wazuh-secrets.yml``
Remember to encrypt!

Wazuh secrets template is located in ``$KAYOBE_CONFIG_PATH/ansible/templates/wazuh-secrets.yml.j2``.
It will be used by wazuh secrets playbook to generate wazuh secrets vault file.


.. code-block:: console

kayobe playbook run $KAYOBE_CONFIG_PATH/ansible/deployment/wazuh-secrets.yml

.. note:: Use ``ansible-vault`` to view the secrets:

``ansible-vault view --vault-password-file ~/vault.password $KAYOBE_CONFIG_PATH/inventory/group_vars/wazuh-manager/deployment/wazuh-secrets.yml``

Configure Wazuh Dashboard's Server Host
---------------------------------------

Expand Down
Loading