Skip to content

Encrypt wazuh-secrets.yml once templated #1171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 22, 2024
Merged

Encrypt wazuh-secrets.yml once templated #1171

merged 3 commits into from
Jul 22, 2024

Conversation

MaxBed4d
Copy link
Contributor

No description provided.

@MaxBed4d MaxBed4d requested a review from a team as a code owner July 18, 2024 15:09
@MaxBed4d MaxBed4d force-pushed the wazuh-password-update branch from c0b0860 to 0276fc9 Compare July 18, 2024 15:13
@MaxBed4d MaxBed4d marked this pull request as draft July 18, 2024 15:18
@MaxBed4d MaxBed4d force-pushed the Hide-Wazuh-Secrets branch from b23ba38 to 65029a2 Compare July 18, 2024 15:26
@MaxBed4d MaxBed4d force-pushed the Hide-Wazuh-Secrets branch from 4cea2d7 to 0d10560 Compare July 19, 2024 08:36
@MaxBed4d MaxBed4d requested review from MoteHue and dougszumski July 19, 2024 08:40
@MaxBed4d MaxBed4d marked this pull request as ready for review July 19, 2024 08:41
@Alex-Welsh
Copy link
Member

@MaxBed4d you don't need to make PRs for your own branches 🙂

@MaxBed4d
Copy link
Contributor Author

@MaxBed4d you don't need to make PRs for your own branches 🙂

The changes here were to achieve a different goal from the other branch, however this branch relies and builds on the changes from the other branch.

The two branches felt like two separate PRs, but this could not be merged into main before the other, so to prevent that, I thought that merging this into the other branch was a better idea.

@MaxBed4d MaxBed4d changed the title Generate Wazuh password and encrypt the file at the end. Encrypt wazuh-secrets.yml once templated Jul 19, 2024
@Alex-Welsh
Copy link
Member

@MaxBed4d you don't need to make PRs for your own branches 🙂

The changes here were to achieve a different goal from the other branch, however this branch relies and builds on the changes from the other branch.

The two branches felt like two separate PRs, but this could not be merged into main before the other, so to prevent that, I thought that merging this into the other branch was a better idea.

In the future, one PR for "Wazuh deployment script improvements" with two commits would be fine. I also don't really see how this one relies on the other, they wouldn't conflict.

Base automatically changed from wazuh-password-update to stackhpc/2023.1 July 22, 2024 09:57
dougszumski
dougszumski approved these changes Jul 22, 2024
View reviewed changes
Copy link
Member

@dougszumski dougszumski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @MaxBed4d - this works fine.

@dougszumski dougszumski merged commit d3e36dc into stackhpc/2023.1 Jul 22, 2024
12 checks passed
@dougszumski dougszumski deleted the Hide-Wazuh-Secrets branch July 22, 2024 10:11
markgoddard
markgoddard reviewed Jul 22, 2024
View reviewed changes
etc/kayobe/ansible/wazuh-secrets.yml
debug:
msg: >-
Please encrypt the keys using Ansible Vault.
- name: In-place encrypt wazuh-secrets
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The downside of this no longer being a handler is that it will reencrypt the content each time you run the playbook, even if there are no plain text changes.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would something like this work?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, or going back to a handler.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops, good spot.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MaxBed4d please could you also update the doc for the modified process: https://github.com/stackhpc/stackhpc-kayobe-config/blob/Wazuh-Docs-TLS/doc/source/configuration/wazuh.rst#the-short-version

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dougszumski Of course! On it!

MoteHue added a commit that referenced this pull request Aug 6, 2024
@MoteHue
Remove docs to encrypt wazuh secrets
5003bad 
They're encrypted automatically now: #1171
@MoteHue MoteHue mentioned this pull request Aug 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dougszumski dougszumski dougszumski approved these changes

@markgoddard markgoddard markgoddard left review comments

@MoteHue MoteHue Awaiting requested review from MoteHue

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MaxBed4d @Alex-Welsh @dougszumski @markgoddard