diff --git a/salt/kibana/secrets.sls b/salt/kibana/secrets.sls index a863f114b..b1b021095 100644 --- a/salt/kibana/secrets.sls +++ b/salt/kibana/secrets.sls @@ -1,9 +1,14 @@ {% from 'allowed_states.map.jinja' import allowed_states %} {% if sls in allowed_states %} - {% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72)) %} - {% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72)) %} - {% set kibana_reporting_encryptionKey = salt['pillar.get']('kibana:secrets:reporting:encryptionKey', salt['random.get_str'](72)) %} + {% set DIGITS = "1234567890" %} + {% set LOWERCASE = "qwertyuiopasdfghjklzxcvbnm" %} + {% set UPPERCASE = "QWERTYUIOPASDFGHJKLZXCVBNM" %} + {% set SYMBOLS = "~!@#$%^&*()-_=+[]|;:,.<>?" %} + {% set CHARS = DIGITS~LOWERCASE~UPPERCASE~SYMBOLS %} + {% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72, chars=CHARS)) %} + {% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72, chars=CHARS)) %} + {% set kibana_reporting_encryptionKey = salt['pillar.get']('kibana:secrets:reporting:encryptionKey', salt['random.get_str'](72, chars=CHARS)) %} kibana_pillar_directory: file.directory: @@ -18,11 +23,11 @@ kibana_secrets_pillar: kibana: secrets: encryptedSavedObjects: - encryptionKey: {{ kibana_encryptedSavedObjects_encryptionKey }} + encryptionKey: "{{ kibana_encryptedSavedObjects_encryptionKey }}" security: - encryptionKey: {{ kibana_security_encryptionKey }} + encryptionKey: "{{ kibana_security_encryptionKey }}" reporting: - encryptionKey: {{ kibana_reporting_encryptionKey }} + encryptionKey: "{{ kibana_reporting_encryptionKey }}" - show_changes: False {% else %}