diff --git a/roles/ca/tasks/main.yml b/roles/ca/tasks/main.yml index bc7bcfc61b299afafe9f9508160c3f4f7766f8ca..fecf37ede7880da62ce6b7641f1672945e2dfe4d 100644 --- a/roles/ca/tasks/main.yml +++ b/roles/ca/tasks/main.yml @@ -138,7 +138,7 @@ expect: command: roles/ca/files/easyrsa/easyrsa export-p12 "{{item.CN}}" responses: - Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}}')}}" + Enter Export Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}} chars=ascii_letters,digits')}}" with_items: - "{{USER_MGMT_ADMIN_USER}}" - "{{soctools_users}}" @@ -157,7 +157,7 @@ # expect: # command: openssl pkcs12 -in "{{playbook_dir}}/secrets/CA/private/{{item.CN}}.p12" -out "{{playbook_dir}}/secrets/CA/private/{{item.CN}}.crt.pem" -clcerts -nokeys # responses: -# Enter Import Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}}')}}" +# Enter Import Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}} chars=ascii_letters,digits')}}" # with_items: # - "{{USER_MGMT_ADMIN_USER}}" @@ -165,6 +165,6 @@ # expect: # command: openssl pkcs12 -in "{{playbook_dir}}/secrets/CA/private/{{item.CN}}.p12" -out "{{playbook_dir}}/secrets/CA/private/{{item.CN}}.key.pem" -nocerts -nodes # responses: -# Enter Import Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}}')}}" +# Enter Import Password: "{{lookup('password', '{{playbook_dir}}/secrets/passwords/{{item.CN}} chars=ascii_letters,digits')}}" # with_items: # - "{{USER_MGMT_ADMIN_USER}}" diff --git a/roles/cortex/tasks/configure.yml b/roles/cortex/tasks/configure.yml index a02b3a22d65f6b317de414570a9964385cbd037e..7ebfbf79a8fdbc35f01651aeeca21fac38426dae 100644 --- a/roles/cortex/tasks/configure.yml +++ b/roles/cortex/tasks/configure.yml 
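Review bot: Restricting the lookup to `chars=ascii_letters,digits` lowers per-character entropy (about 5.95 bits instead of roughly 6.6 with punctuation) while leaving the lookup at its default length of 20, so the P12 export password should get an explicit length, e.g. `chars=ascii_letters,digits length=32`. Note that `chars=` only governs generation: an existing `secrets/passwords/<CN>` file is read back unchanged, so installations that already generated punctuated passwords keep them until the file is deleted — that deserves a line in the commit message. The `expect` task also echoes its `responses` in verbose output, so it should carry `no_log: true`; the task definition starts outside the hunk.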
@@ -36,7 +36,7 @@ - name: generate api key for admin user remote_user: root - shell: "curl -XPOST -u 'admin:{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass')}}' 'http://127.0.0.1:9001/api/user/admin/key/renew'" + shell: "curl -XPOST -u 'admin:{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass chars=ascii_letters,digits')}}' 'http://127.0.0.1:9001/api/user/admin/key/renew'" run_once: True register: cortexadminuserkey args: diff --git a/roles/cortex/templates/admin.json b/roles/cortex/templates/admin.json index 4eb4b06b976f654ae60506a3fad33a177eeccfdd..d5ee877ef1770f1441a5dca9ff9a64f44677a5a9 100644 --- a/roles/cortex/templates/admin.json +++ b/roles/cortex/templates/admin.json @@ -1 +1 @@ -{"login":"admin","name":"Admin","password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass')}}","roles":["superadmin"],"organization":"cortex"} +{"login":"admin","name":"Admin","password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_adminpass chars=ascii_letters,digits')}}","roles":["superadmin"],"organization":"cortex"} diff --git a/roles/cortex/templates/application.conf.j2 b/roles/cortex/templates/application.conf.j2 index 88f53336f373669fc46da3339e5b1f10d575f352..77c3d53023ed5bc63b5a0de1ce97b2b4b3939504 100644 --- a/roles/cortex/templates/application.conf.j2 +++ b/roles/cortex/templates/application.conf.j2 @@ -6,7 +6,7 @@ # # IMPORTANT: If you deploy your application to several instances, make # sure to use the same key. -play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_secret_key')}}" +play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_secret_key chars=ascii_letters,digits')}}" ## ElasticSearch search { 
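Review bot: The Cortex admin password is still passed on curl's command line in a `shell:` task, where it is visible in the container's process list and in Ansible's task output, and the registered `cortexadminuserkey` (the renewed API key) is printed with the result because the task has no `no_log: true`. Prefer the `uri` module with `url_username`/`url_password` and `no_log: true`, or at least export the password via `environment:` and call `curl -u "admin:$CORTEX_ADMIN_PW"`. The task continues (`args:`) outside the hunk.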
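Review bot: `play.http.secret.key` now becomes a 20-character alphanumeric string (the lookup's default `length`), roughly 119 bits, which is below the 256 bits the Play documentation recommends for the application secret as I recall; add `length=64` to this lookup (`… cortex_secret_key chars=ascii_letters,digits length=64`). As elsewhere, an already-generated `secrets/passwords/cortex_secret_key` is not regenerated, so the longer key only applies to fresh deployments unless the file is removed.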
@@ -34,7 +34,7 @@ search { ## ## Authentication configuration ## search.username = "cortex" -## search.password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe')}}" +## search.password = "{{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_odfe chars=ascii_letters,digits')}}" ## ## ## SSL configuration ## search.keyStore { diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2 index 3e3502f844115cc14afcb77e09d24557f9bea99c..c6dd7a59a992f0369d19f471849020cbf15f4aff 100644 --- a/roles/haproxy/templates/haproxy.cfg.j2 +++ b/roles/haproxy/templates/haproxy.cfg.j2 @@ -17,8 +17,8 @@ defaults timeout server 20s userlist mycredentials - user {{soctools_users[0].username}} insecure-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].username}}')}} - user {{soctools_users[0].email}} insecure-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].username}}')}} + user {{soctools_users[0].username}} insecure-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].username}} chars=ascii_letters,digits')}} + user {{soctools_users[0].email}} insecure-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].username}} chars=ascii_letters,digits')}} listen stats bind 0.0.0.0:8888 ssl crt /etc/ssl/haproxy alpn h2,http/1.1 @@ -26,7 +26,7 @@ listen stats stats hide-version stats uri / stats realm HAProxy Statistics - stats auth haproxy:{{lookup('password', '{{playbook_dir}}/secrets/passwords/haproxy_stats')}} + stats auth haproxy:{{lookup('password', '{{playbook_dir}}/secrets/passwords/haproxy_stats chars=ascii_letters,digits')}} tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/stats_whitelist.lst } listen nifiserv 
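Review bot: `insecure-password` keeps the user's cleartext password in `haproxy.cfg` on every proxy node, so anyone who can read the config obtains a credential that is also used by other roles. HAProxy's `userlist` accepts crypt(3) hashes via `password`, which Ansible can render: `user {{soctools_users[0].username}} password {{lookup('password', '…') | password_hash('sha512', fixed_salt)}}` — pass a fixed salt (for example another `password` lookup with `length=16`) so the rendered config stays idempotent. `stats auth` only supports cleartext, so that line stays as is; keep the config file 0600 and off any shared volume.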
diff --git a/roles/keycloak/tasks/init.yml b/roles/keycloak/tasks/init.yml index 59c0655cde6ac6aeea69685604ed100134b28367..99b902d09624a311fa6407984864f5259dd6045d 100644 --- a/roles/keycloak/tasks/init.yml +++ b/roles/keycloak/tasks/init.yml @@ -28,7 +28,7 @@ - name: Set admin password remote_user: jboss - command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keycloak_admin')}}" + command: /opt/jboss/keycloak/bin/add-user-keycloak.sh --user "admin" --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keycloak_admin chars=ascii_letters,digits')}}" ignore_errors: True - name: Configure logging format diff --git a/roles/keycloak/templates/initkeycloakrealm.sh.j2 b/roles/keycloak/templates/initkeycloakrealm.sh.j2 index 7d35f8e049de872be098a8f1683e80c91b8f1f64..b18bd77b48a13aebfbcfb8d5d467f9039d6fb6d4 100644 --- a/roles/keycloak/templates/initkeycloakrealm.sh.j2 +++ b/roles/keycloak/templates/initkeycloakrealm.sh.j2 
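Review bot: `ignore_errors: True` on `add-user-keycloak.sh` hides every failure, not only the "user already exists" case on re-runs, so a broken admin bootstrap only surfaces later when `kcadm.sh config credentials` cannot log in. Register the result and fail on anything else, e.g. `register: kc_admin` / `failed_when: kc_admin.rc != 0 and 'already' not in kc_admin.stderr` (verify the exact wording the script prints). The password is also passed on the argv of a `command:` task without `no_log: true`, so it appears in Ansible output.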
@@ -6,7 +6,7 @@ exec > /opt/jboss/keycloak/initkeycloak.log 2>&1 kcadm.sh config truststore --trustpass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} /opt/jboss/keycloak/cacerts.jks -kcadm.sh config credentials --server https://{{groups['keycloakcontainers'][0]}}:8443/auth --realm master --user admin --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keycloak_admin')}}" +kcadm.sh config credentials --server https://{{groups['keycloakcontainers'][0]}}:8443/auth --realm master --user admin --password "{{lookup('password', '{{playbook_dir}}/secrets/passwords/keycloak_admin chars=ascii_letters,digits')}}" kcadm.sh create realms -b '{ "enabled": "true", "id": "{{openid_realm}}", "realm": "{{openid_realm}}"}' kcadm.sh create realms/{{openid_realm}}/authentication/flows/browser/copy -b '{ "id": "browser-x509", "newName": "X.509 Browser" }' BROWSERFORM=$(kcadm.sh create realms/{{openid_realm}}/authentication/flows/X.509%20Browser/executions/execution -i -b '{ "provider": "auth-x509-client-username-form" }') 
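Review bot: The truststore password in `kcadm.sh config truststore --trustpass {{lookup('password', '…/truststore')}}` is the only lookup in this script left on the default character set, and it is unquoted, so a generated `$`, `'`, `&` or `;` breaks the command or is reinterpreted by the shell; either apply `chars=ascii_letters,digits` there as well or quote it (`--trustpass "{{ … }}"`). Since `exec > /opt/jboss/keycloak/initkeycloak.log 2>&1` captures everything the script prints, ensure that log (which may include kcadm error output echoing the failing command) is readable by the jboss user only.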
@@ -19,7 +19,7 @@ kcadm.sh create realms/{{openid_realm}}/groups -b '{"name":"GN43WP8T31"}' kcadm.sh create realms/{{openid_realm}}/users -b '{"enabled":true,"attributes":{"DN": ["{{USER_MGMT_ADMIN_USER.DN}}"],"CN": ["{{USER_MGMT_ADMIN_USER.CN}}"]},"username":"{{USER_MGMT_ADMIN_USER.username}}","groups": ["/GN43WP8T31"] }' {% for user in soctools_users %} kcadm.sh create realms/{{openid_realm}}/users -b '{"enabled":true,"attributes":{"DN": ["{{user.DN}}"],"CN": ["{{user.CN}}"]},"username":"{{user.username}}","emailVerified":"","email":"{{user.email}}","firstName":"{{user.firstname}}","lastName":"{{user.lastname}}","groups": ["/GN43WP8T31"] }' -kcadm.sh set-password -r {{openid_realm}} --username {{user.username}} --new-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/'+user.CN)}} +kcadm.sh set-password -r {{openid_realm}} --username {{user.username}} --new-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/'+user.CN+' chars=ascii_letters,digits')}} {% endfor %} NIFICLIENT=$(kcadm.sh create realms/{{openid_realm}}/clients -i -b '{"enabled":true, "clientId":"soctools-nifi","protocol":"openid-connect","clientAuthenticatorType": "client-secret","redirectUris": ["https://{{soctoolsproxy}}:9443/*" ],"webOrigins": [], "publicClient": false }') diff --git a/roles/misp/tasks/config.yml b/roles/misp/tasks/config.yml index cb0522087851bb94924d14b2ec6a1a150e26b0f1..fbe4872bec17519b21685762f3e48b3bf02219da 100644 --- a/roles/misp/tasks/config.yml +++ b/roles/misp/tasks/config.yml 
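Review bot: `--new-password {{lookup('password', '…/'+user.CN+' chars=…')}}` reuses the same `secrets/passwords/<CN>` value that `easyrsa export-p12` uses as the P12 export password in the ca role, so one secret protects both the user's private-key bundle and their Keycloak login; generating a separate file (e.g. `…/'+user.CN+'_kc …`) keeps a leaked login password from also unlocking the certificate. The argument is also unquoted in a shell script — the narrower charset makes it safe today, but `--new-password "{{ … }}"` costs nothing and survives a future charset change.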
@@ -1,7 +1,7 @@ --- - name: Change password of default user - shell: "/var/www/MISP/app/Console/cake Password admin@admin.test {{ lookup('password', '{{playbook_dir}}/secrets/passwords/misp_admin') }}" + shell: "/var/www/MISP/app/Console/cake Password admin@admin.test {{ lookup('password', '{{playbook_dir}}/secrets/passwords/misp_admin chars=ascii_letters,digits') }}" - name: Configure MISP shell: '/var/www/MISP/app/Console/cake Admin setSetting {{item.var}} {{item.value}}' diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2 index dcc40b5d326015c961a4815e88fbd589dbd93eea..739c76254ceb146359fd89e10ee9282f11dfe68f 100644 --- a/roles/nifi/templates/flow.xml.j2 +++ b/roles/nifi/templates/flow.xml.j2 @@ -12619,7 +12619,7 @@ <variable name="elastic_username" value="{{ elastic_username }}" /> <variable name="misp_url" value="{{ misp_url }}" /> <variable name="elastic_urls" value="https://soctools-opensearch-1:9200/,https://soctools-opensearch-2:9200/" /> - <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}" /> + <variable name="elastic_password" value="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits')}}" /> </rootGroup> <controllerServices /> <reportingTasks /> diff --git a/roles/opensearch-dashboards/files/env.js.j2 b/roles/opensearch-dashboards/files/env.js.j2 index e1adb4ba1a6a4cc15b79e505921c7f2a4fab5968..d4f495f1472f1c5bc29ffacbcb38ef7224586066 100644 --- a/roles/opensearch-dashboards/files/env.js.j2 +++ b/roles/opensearch-dashboards/files/env.js.j2 
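Review bot: `cake Password admin@admin.test <password>` puts the new MISP admin password on the argv of a `shell:` task with no `no_log: true`, so it shows in `ps` inside the container and in Ansible output; add `no_log: true` and quote the interpolated value (`… admin@admin.test '{{ … }}'`) so a future charset change cannot turn it into shell syntax.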
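Review bot: The OpenSearch cluster admin password is stored as a plain `<variable>` in flow.xml, and as far as I know NiFi variables are not protected by the sensitive-properties key the way sensitive processor properties are, so anyone who can read the flow or the variable registry gets the admin credential. The ingestion flow only needs to write its indices; a dedicated OpenSearch user for NiFi (the `opensearches` role already hashes a separate `cortex` account the same way) and, if the NiFi version supports it, a sensitive parameter in a parameter context would keep the admin password out of the flow entirely.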
@@ -1,4 +1,4 @@ // Default plugin configuration export const THEHIVE_URL = 'https://{{soctoolsproxy}}:9000'; -export const THEHIVE_API_KEY = '{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key')}}'; +export const THEHIVE_API_KEY = '{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_kibana_secret_key chars=ascii_letters,digits')}}'; export const THEHIVE_OWNER = '{{THEHIVE_KIBANA_USER.username}}'; // default owner account of the created cases diff --git a/roles/opensearch-dashboards/tasks/init.yml b/roles/opensearch-dashboards/tasks/init.yml index 8416ad61527238dde37a3d111789b6b909c98ccb..675f9f859f1329d57499ac592850837e641b1b90 100644 --- a/roles/opensearch-dashboards/tasks/init.yml +++ b/roles/opensearch-dashboards/tasks/init.yml @@ -78,7 +78,7 @@ - name: Check Opensearch Dashboards health remote_user: dashboards shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ - --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ + --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits")}} \ | egrep "status....overall....since...[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,2}.[0-9]{3}Z...state...green"' register: result until: result.rc == 0 @@ -96,7 +96,7 @@ remote_user: dashboards shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits")}} \ -H "osd-xsrf: reporting" -H "Content-Type: multipart/form-data" \ -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"' ignore_errors: True 
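Review bot: `THEHIVE_API_KEY` is exported from a module under the dashboards plugin's `files/`, and `export const` configuration of this shape is typically bundled into the browser-side plugin; if that is the case here, every dashboards user can read the TheHive API key of `{{THEHIVE_OWNER}}` from the page sources and act as that user. Worth confirming the file is consumed server-side only, and otherwise proxying the TheHive calls through the dashboards server. Note also that this is a `password` lookup: if `secrets/tokens/thehive_kibana_secret_key` has not yet been written from the key obtained in the thehive role's `kibanauser.yml`, the lookup silently generates a random string here instead of the real key.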
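Review bot: `curl -k … --user admin:<password>` sends the OpenSearch admin password over a TLS connection whose certificate is not verified, so anyone who can answer for `{{soctoolsproxy}}:5601` on the container network collects the credential. The playbook ships its own CA (`cacerts.jks`, `secrets/CA/`), so pass the CA certificate with `--cacert <path to the soctools CA PEM>` instead of `-k`; the same applies to the import and rolesmapping calls in this file and in `start.yml`/`update-config.yml`. Add `no_log: true` as well, since the command line with the password is printed on every `until` retry.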
@@ -111,7 +111,7 @@ remote_user: dashboards shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits")}} \ -H "osd-xsrf: reporting" -H "Content-Type: application/json" \ -d @/tmp/role.json' diff --git a/roles/opensearch-dashboards/tasks/start.yml b/roles/opensearch-dashboards/tasks/start.yml index ea222f8841576b57c0b7d5f4cdbcbbc26766ed53..04b8274bd79e81236e5f29775165781ac20c143d 100644 --- a/roles/opensearch-dashboards/tasks/start.yml +++ b/roles/opensearch-dashboards/tasks/start.yml @@ -15,7 +15,7 @@ - name: Check Opensearch Dashboards health remote_user: dashboards shell: 'curl -k -b /tmp/cookie.txt -c /tmp/cookie.txt -X "GET" "https://{{soctoolsproxy}}:5601/api/status" \ - --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ + --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits")}} \ | egrep "status....overall....since...[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}T[0-9]{1,2}:[0-9]{1,2}.[0-9]{1,2}.[0-9]{3}Z...state...green"' register: result until: result.rc == 0 diff --git a/roles/opensearch-dashboards/tasks/update-config.yml b/roles/opensearch-dashboards/tasks/update-config.yml index f7d6498874ba93b5d57bc812daf83eabd96c472b..fe83ae836d19bda8566406dbb4919beaa855b47f 100644 --- a/roles/opensearch-dashboards/tasks/update-config.yml +++ b/roles/opensearch-dashboards/tasks/update-config.yml 
@@ -30,7 +30,7 @@ remote_user: dashboards shell: 'curl -X "POST" "https://{{soctoolsproxy}}:5601/api/saved_objects/_import?overwrite=true" \ -b /tmp/cookie.txt -c /tmp/cookie.txt \ - -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass")}} \ + -k --user admin:{{lookup("password", "{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits")}} \ -H "osd-xsrf: reporting" -H "Content-Type: multipart/form-data" \ -F "file=@/tmp/opensearch-dashboards_graphs.ndjson"' ignore_errors: True diff --git a/roles/opensearches/tasks/init.yml b/roles/opensearches/tasks/init.yml index 0337287cdc7e605e2a6889268b757fe338b8fc2c..faa9696ef29e766f409d0c847c9b064e35068f7d 100644 --- a/roles/opensearches/tasks/init.yml +++ b/roles/opensearches/tasks/init.yml @@ -37,7 +37,7 @@ - name: Change password for admin remote_user: opensearch - shell: export OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk; bash plugins/opensearch-security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}} | tail -n 1 + shell: export OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk; bash plugins/opensearch-security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits')}} | tail -n 1 register: adminhash - set_fact: @@ -46,7 +46,7 @@ - name: Change password for cortex remote_user: opensearch - shell: export OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk; bash plugins/opensearch-security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_opensearch')}} | tail -n 1 + shell: export OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk; bash plugins/opensearch-security/tools/hash.sh -p {{lookup('password', '{{playbook_dir}}/secrets/passwords/cortex_opensearch chars=ascii_letters,digits')}} | tail -n 1 register: cortexhash - set_fact: 
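Review bot: `hash.sh -p <password>` exposes the admin password on the command line of a Java process for the duration of the hashing (readable via `ps` by any user in the container), and the `shell:` task has no `no_log: true`. The OpenSearch security hash tool should accept `-env VARNAME` to read the password from an environment variable; pass it through the task's `environment:` (`environment: { OS_ADMIN_PW: "{{ lookup(...) }}" }` and `hash.sh -env OS_ADMIN_PW`) and add `no_log: true` — the registered `adminhash` only holds the hash, which is fine to keep. The same applies to the `cortex` hashing task right below.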
@@ -77,7 +77,7 @@ - name: Configure Opensearch security remote_user: opensearch - shell: "export OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk; bash ./plugins/opensearch-security/tools/securityadmin.sh -h {{groups['opensearchescontainers'][0]}} -cd /opt/opensearch/config/opensearch-security/ -ks '/opt/opensearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}}')}} -ts /opt/opensearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster" + shell: "export OPENSEARCH_JAVA_HOME=/opt/opensearch/jdk; bash ./plugins/opensearch-security/tools/securityadmin.sh -h {{groups['opensearchescontainers'][0]}} -cd /opt/opensearch/config/opensearch-security/ -ks '/opt/opensearch/config/{{soctools_users[0].CN}}.p12' -kspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}} chars=ascii_letters,digits')}} {{lookup('password','{{playbook_dir}}/secrets/passwords/{{soctools_users[0].CN}} chars=ascii_letters,digits')}} -ts /opt/opensearch/config/cacerts.jks -tspass {{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}} -cn soctools-cluster" when: "'{{groups['opensearchescontainers'][0]}}' in inventory_hostname" - name: Set Autostart for supervisord's services diff --git a/roles/thehive/tasks/createusers.yml b/roles/thehive/tasks/createusers.yml index 9179cc5abca41b6a516d82c4cccbc955eb29bbdd..8a974720de87622d04b2ed15800e7c6a2a90420d 100644 --- a/roles/thehive/tasks/createusers.yml +++ b/roles/thehive/tasks/createusers.yml 
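Review bot: After `-kspass {{lookup(...)}}` the same password is repeated as a bare positional argument; as far as I know `securityadmin.sh` takes no positional parameter (keystore and key passwords are `-kspass` and `-keypass`), so this is either rejected or ignored while still leaking the secret into argv and logs — use `-keypass` if the P12 key password was intended, otherwise drop it. The truststore lookup in `-tspass {{lookup('password', '…/truststore')}}` is also the only one here left on the default character set while being unquoted in a `shell:` command, so a punctuation character can break the call. The `when:` should be `when: inventory_hostname == groups['opensearchescontainers'][0]` rather than a templated substring match, which also matches hosts whose name merely contains the first container's name.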
@@ -10,7 +10,7 @@ - name: create users remote_user: root - shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/{{ item.username}}.json" + shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key chars=ascii_letters,digits')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/{{ item.username}}.json" args: warn: false with_items: diff --git a/roles/thehive/tasks/kibanauser.yml b/roles/thehive/tasks/kibanauser.yml index d4b44b09497a44df36d584f7ece27b5dc2084304..0041a5d1f53a9b0548ec52780b21597b4a3632d9 100644 --- a/roles/thehive/tasks/kibanauser.yml +++ b/roles/thehive/tasks/kibanauser.yml @@ -8,7 +8,7 @@ - name: create kibana user remote_user: root - shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/kibanauser.json | cut -d\\\" -f4" + shell: "curl -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key chars=ascii_letters,digits')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/user -d @/tmp/kibanauser.json | cut -d\\\" -f4" register: kibanauser args: warn: false 
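Review bot: The user id is recovered by `cut -d\" -f4` on the raw JSON response, which yields a meaningless fragment as soon as TheHive returns an error document (user already exists on a re-run, wrong token), and that fragment is then spliced into the URL of the `key/renew` call that follows. Use the `uri` module with `body_format: json` and read the id from the parsed response (the organisation task in this role already uses `uri`), and mark the task `no_log: true` since the bearer token sits on the command line.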
@@ -18,7 +18,7 @@ - name: create API key for kibana user remote_user: root - shell: "curl -XPOST -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/v1/user/{{kibanauser.stdout}}/key/renew 2> /dev/null | tee /tmp/kibanaapikey" + shell: "curl -XPOST -H 'Authorization: Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key chars=ascii_letters,digits')}}' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/v1/user/{{kibanauser.stdout}}/key/renew 2> /dev/null | tee /tmp/kibanaapikey" register: kibanaapikey args: warn: false diff --git a/roles/thehive/tasks/organization.yml b/roles/thehive/tasks/organization.yml index 4477ab32fe13b94b946dc29a66dc9063e4896f28..b3f03deb4a55d219082e50493894066565305db2 100644 --- a/roles/thehive/tasks/organization.yml +++ b/roles/thehive/tasks/organization.yml @@ -5,7 +5,7 @@ url: "http://127.0.0.1:9000/api/organisation" method: POST headers: - Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}" + Authorization: "Bearer {{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key chars=ascii_letters,digits')}}" body_format: form-urlencoded body: name: "{{ org_name }}" diff --git a/roles/thehive/templates/adminpass.json b/roles/thehive/templates/adminpass.json index 96292dbc219846f77c437dbd7f92fee4fd4e949a..373d30cc171bc4cbf8e015f347fd61a8eefc39a1 100644 --- a/roles/thehive/templates/adminpass.json +++ b/roles/thehive/templates/adminpass.json @@ -1 +1 @@ -{"password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_adminpass')}}"} +{"password":"{{lookup('password', '{{playbook_dir}}/secrets/passwords/thehive_adminpass chars=ascii_letters,digits')}}"} 
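Review bot: `tee /tmp/kibanaapikey` writes the freshly renewed API key to a world-readable file in the container's `/tmp` (tee creates it with the default umask) and leaves it there; the value is already captured by `register: kibanaapikey`, so the `tee` can go, or the key should be written to its final location with `copy` and `mode: "0600"`. The `2> /dev/null` also hides curl failures, so an empty key would pass silently — assert `kibanaapikey.stdout | length > 0` before using it, and add `no_log: true` so neither the bearer token nor the new key is logged.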
diff --git a/roles/thehive/templates/application.conf.j2 b/roles/thehive/templates/application.conf.j2 index b9f07820acf3008d85f46e67531ef875c8d6ef6b..b2f39d63dc9654330a14625fdc91ec15454b278e 100644 --- a/roles/thehive/templates/application.conf.j2 +++ b/roles/thehive/templates/application.conf.j2 @@ -5,7 +5,7 @@ ## Include Play secret key # More information on secret key at https://www.playframework.com/documentation/2.8.x/ApplicationSecret #include "/etc/thehive/secret.conf" -play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key')}}" +play.http.secret.key="{{lookup('password', '{{playbook_dir}}/secrets/tokens/thehive_secret_key chars=ascii_letters,digits')}}" ## Database configuration db.janusgraph { diff --git a/utils/flow2template.py b/utils/flow2template.py index 3a6f1fe83f34afcd67d67c84de0fd3ab06e3ca39..a24912d57672b4bc0098c3d3d30a6dfa2a1d088f 100755 --- a/utils/flow2template.py +++ b/utils/flow2template.py @@ -23,7 +23,7 @@ for v in et.findall(".//variable"): elif a['name']=="elastic_username": a['value']="{{ elastic_username }}" elif a['name']=="elastic_password": - a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass')}}" + a['value']="{{lookup('password', '{{playbook_dir}}/secrets/passwords/opensearches_adminpass chars=ascii_letters,digits')}}" for v in et.findall(".//controllerService[name='Soctools CA']/property[name='Truststore Password']/value"): v.text="{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore')}}"
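Review bot: The value written to `play.http.secret.key` here is the same `secrets/tokens/thehive_secret_key` that `createusers.yml`, `kibanauser.yml` and `organization.yml` send as an `Authorization: Bearer` token; if TheHive honours the Play secret as an API credential this ties the session-signing key to an administrative API token, and if it does not, those calls authenticate with something other than they appear to. Either way a dedicated API key (renewed through `/api/v1/user/<id>/key/renew`, as the kibana user's is) plus a separate, longer secret (`length=64`; Play asks for at least 256 bits as I recall) would be cleaner.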
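Review bot: The `Truststore Password` value emitted a few lines below keeps `lookup('password', '…/truststore')` on the default character set while every other lookup this script writes now uses `chars=ascii_letters,digits`; since this script is the source for flow.xml.j2, the inconsistency is regenerated into the template each time. If the punctuation-free charset was chosen for shell/JSON safety, apply it to the truststore lookup too (`"{{lookup('password', '{{playbook_dir}}/secrets/passwords/truststore chars=ascii_letters,digits')}}"`), otherwise add a comment stating why it is exempt.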