diff --git a/.golangci.yml b/.golangci.yml
index 59c856f928c..e4c50438dbf 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -149,9 +149,10 @@ linters-settings:
     go: "1.21.9"
 
   gosec:
+    includes:
+    - G404 # Use of weak random number generator
     excludes:
     - G306 # Expect WriteFile permissions to be 0600 or less
-    - G404 # Use of weak random number generator
     - G401 # Detect the usage of DES, RC4, MD5 or SHA1: Used in non-crypto contexts.
     - G501 # Import blocklist: crypto/md5: Used in non-crypto contexts.
     - G505 # Import blocklist: crypto/sha1: Used in non-crypto contexts.
diff --git a/magefile.go b/magefile.go
index d73b61e8817..4d925438ee1 100644
--- a/magefile.go
+++ b/magefile.go
@@ -2817,3 +2817,13 @@ func getOtelDependencies() (*dependencies, error) {
 		Extensions: extensions,
 	}, nil
 }
+
+// TODO: remove after testing linter for https://github.com/elastic/elastic-agent/pull/4514
+func RandomPassword(passwordLength int) string {
+	runes := []rune("abcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*ABCDEFGHIJKLMNOPQRSTUVWXYZ")
+	var sb strings.Builder
+	for i := 0; i < passwordLength; i++ {
+		sb.WriteRune(runes[rand.Intn(len(runes))])
+	}
+	return sb.String()
+}