From 1ffdcab3bee688783eff845be2f2e6b787cabb8f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 9 Apr 2026 22:21:35 -0400 Subject: [PATCH] Add postgres adminPassword to SOC module config Injects the postgres superuser password from secrets pillar so SOC can run schema migrations as admin before switching to the app user for normal operations. --- salt/soc/defaults.map.jinja | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/soc/defaults.map.jinja b/salt/soc/defaults.map.jinja index 99e85e364..d99cf57f7 100644 --- a/salt/soc/defaults.map.jinja +++ b/salt/soc/defaults.map.jinja @@ -25,7 +25,8 @@ {% do SOCDEFAULTS.soc.config.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %} {% if GLOBALS.postgres is defined and GLOBALS.postgres.auth is defined %} -{% do SOCDEFAULTS.soc.config.server.modules.update({'postgres': {'hostUrl': GLOBALS.manager_ip, 'port': 5432, 'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass, 'dbname': 'securityonion', 'sslMode': 'require', 'assistantEnabled': true}}) %} +{% set PG_ADMIN_PASS = salt['pillar.get']('secrets:postgres_pass', '') %} +{% do SOCDEFAULTS.soc.config.server.modules.update({'postgres': {'hostUrl': GLOBALS.manager_ip, 'port': 5432, 'username': GLOBALS.postgres.auth.users.so_postgres_user.user, 'password': GLOBALS.postgres.auth.users.so_postgres_user.pass, 'adminUser': 'postgres', 'adminPassword': PG_ADMIN_PASS, 'dbname': 'securityonion', 'sslMode': 'require', 'assistantEnabled': true}}) %} {% endif %} {% do SOCDEFAULTS.soc.config.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %}