
After scouring the internet (where even the LLM was giving me wrong answers), I had to scour for information scattered across GitHub issues and various blog posts. All of them were slightly wrong, so I want to document my steps for updating the Wazuh dashboard admin password on a Kubernetes deployment of Wazuh.
Here is how I did it.
The guide assumes the wazuh-kubernetes repository was used to deploy the cluster.
Step 1 - Generate the password hash
Shell into the wazuh-indexer pod:
kubectl exec -it -n wazuh pod/wazuh-indexer-0 -- bash
Generate the password hash (the output will be a hash. Remember this!):
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/hash.sh
<type your password>
<PW_HASH>
Step 2 - Base64 encode your password
Outside of the indexer pod, base64 encode your password. We will need both later.
echo -n '<new_password>' | base64
So we should have a <PW_HASH> from Step 1 and a <PW_BASE64> from Step 2.
Step 3 - Replace the secret files
- In wazuh-kubernetes/wazuh/secrets/indexer-cred-secret.yaml - replace the password with <PW_BASE64>
- In wazuh-kubernetes/wazuh/indexer_stack/wazuh-indexer/indexer_conf/internal_users.yml - replace the hash with <PW_HASH>
And run kubectl apply -k envs/local-env/
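A sanity check worth running on the two values before that apply, as an added example that is not part of the original steps or of the Wazuh tooling. The function names are hypothetical, the sample values are constructed, and the hash check assumes hash.sh printed its default bcrypt format.

```shell
# Added example: checks for <PW_BASE64> and <PW_HASH> before they go into the repo files.
# check_pw_base64 / check_pw_hash are hypothetical helper names.

# Succeeds only if the value decodes to a non-empty password with no newline in it.
check_pw_base64() {
    # Reject input that is not valid base64 at all.
    printf '%s' "$1" | base64 -d >/dev/null 2>&1 || { echo "not valid base64"; return 1; }
    decoded_len=$(printf '%s' "$1" | base64 -d | wc -c | tr -d ' ')
    newlines=$(printf '%s' "$1" | base64 -d | wc -l | tr -d ' ')
    [ "$decoded_len" -gt 0 ] || { echo "decodes to an empty password"; return 1; }
    # A newline here usually means echo was run without -n in Step 2.
    [ "$newlines" -eq 0 ] || { echo "decoded password contains a newline"; return 1; }
    echo "ok"
}

# Succeeds only if the value has the shape of a bcrypt hash
# (assumption: hash.sh was run with its default algorithm).
check_pw_hash() {
    if printf '%s' "$1" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
        echo "ok"
    else
        echo "not bcrypt-shaped (truncated, or plaintext pasted by mistake?)"
        return 1
    fi
}

# Constructed sample values, not real credentials.
sample_pw='Constructed.Pass-1'
good_b64=$(printf '%s' "$sample_pw" | base64)
bad_b64=$(echo "$sample_pw" | base64)        # newline encoded by mistake
fake_hash=$(printf '$2y$12$%053d' 0)          # right shape only, not a real hash

echo "good base64: $(check_pw_base64 "$good_b64")"
echo "bad base64:  $(check_pw_base64 "$bad_b64" || true)"
echo "hash shape:  $(check_pw_hash "$fake_hash")"
echo "plaintext:   $(check_pw_hash "$sample_pw" || true)"
```

Call the two functions with the values pasted into indexer-cred-secret.yaml and internal_users.yml; a shape check does not prove the hash belongs to that password, only that neither value was mangled on the way in.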
Step 4 - Run securityadmin script
This is where my steps differed slightly. Instead of port 9300, mine was 9200. Also, instead of /usr/share/wazuh-indexer/plugins/opensearch-security/securityconfig/, mine was /usr/share/wazuh-indexer/config/opensearch-security/. Basically I just had to find the YAML files that were edited. They were somewhere in /usr/share/wazuh-indexer/, so I just did a grep.
export INSTALLATION_DIR=/usr/share/wazuh-indexer
export OPENSEARCH_PATH_CONF=${INSTALLATION_DIR}/config
export CACERT=$OPENSEARCH_PATH_CONF/certs/root-ca.pem
export KEY=$OPENSEARCH_PATH_CONF/certs/admin-key.pem
export CERT=$OPENSEARCH_PATH_CONF/certs/admin.pem
export JAVA_HOME=/usr/share/wazuh-indexer/jdk
bash /usr/share/wazuh-indexer/plugins/opensearch-security/tools/securityadmin.sh -cd /usr/share/wazuh-indexer/config/opensearch-security/ -nhnv -cacert $CACERT -cert $CERT -key $KEY -p 9200 -icl -h localhost
Step 5 - Restart the pods & log in
kubectl delete -n wazuh pod/wazuh-manager-master-0 pod/wazuh-manager-worker-0
and log in to the Wazuh dashboard. It should work now!