From 65029a27c8c8f9ab783adadca5eabb7aad2604ea Mon Sep 17 00:00:00 2001
From: "max.bed4d"
Date: Thu, 18 Jul 2024 15:58:12 +0100
Subject: [PATCH] Generate Wazuh password and encrypt the file at the end.
---
 etc/kayobe/ansible/wazuh-secrets.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/etc/kayobe/ansible/wazuh-secrets.yml b/etc/kayobe/ansible/wazuh-secrets.yml
index 1d40b358d..1aaf2b615 100644
--- a/etc/kayobe/ansible/wazuh-secrets.yml
+++ b/etc/kayobe/ansible/wazuh-secrets.yml
@@ -26,13 +26,16 @@
 wazuh_password: "{{ random_password.stdout }}"
 - name: Template new secrets
+ no_log: True
 template:
 src: wazuh-secrets.yml.j2
 dest: "{{ wazuh_secrets_path }}"
- notify: Please encrypt keys
- handlers:
- - name: Please encrypt keys
- debug:
- msg: >-
- Please encrypt the keys using Ansible Vault.
+ - name: In-place encrypt wazuh-secrets
+ copy:
+ content: "{{ lookup('ansible.builtin.file', wazuh_secrets_path) | ansible.builtin.vault(ansible_vault_password) }}"
+ dest: "{{ wazuh_secrets_path }}"
+ decrypt: false
+ vars:
+ ansible_vault_password: "{{ lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') }}"
+
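Review bot: The plaintext secrets file is written by `Template new secrets` before anything checks that `KAYOBE_VAULT_PASSWORD` is set, and the handler that reminded the operator to encrypt is removed in the same change. An unset variable makes the `env` lookup return an empty string, so the run either stops with the plaintext already on disk or, depending on how the vault filter treats an empty secret (not visible here), encrypts with one; an `assert` placed ahead of the template task closes that gap. The new `copy` task also lacks `no_log: true`, so a `--diff` run would presumably print the plaintext file as the "before" side. The play's earlier tasks start outside this hunk.

```yaml
    - name: Check the vault password is set before writing secrets
      assert:
        that:
          - lookup('ansible.builtin.env', 'KAYOBE_VAULT_PASSWORD') | length > 0
        fail_msg: KAYOBE_VAULT_PASSWORD must be set to encrypt the Wazuh secrets file
        quiet: true

    - name: Template new secrets
      # … unchanged: no_log, template src/dest …
```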