CR-2026-02-25: Wazuh Credential Rotation

Change Summary

CR ID: CR-2026-02-25-002
Date: 2026-02-25
Priority: P0 - Emergency
Type: Security - Credential Rotation
Status: Completed

Objective

Rotate the Wazuh indexer credentials that were inadvertently exposed in a Claude Code settings file.

Credential Architecture

Wazuh uses three separate credentials:

| Secret | Username | Component | Purpose |
|---|---|---|---|
| indexer-cred | admin | OpenSearch (Indexer) | Admin API access, cluster management |
| dashboard-cred | kibanaserver | Dashboard → Indexer | Backend auth for dashboard queries |
| wazuh-api-cred | wazuh-wui | Manager API | UI authentication |

Only indexer-cred was exposed.