Passwords in elasticsearch.yml

Can the hash.sh be used to hash the passwords for Search Guard pemkey, keystore or truststore passwords in elasticsearch.yml? If not what would be the best option using the elasticsearch-keystore, kibana-keystore and logstash-keystore to store them and just do a call back to them in the yml files?

We can use Search Guard TLS Tool of Search Guard .Search Guard itself providing multiple options to generate the certificates.

Please check below link

https://docs.search-guard.com/latest/offline-tls-tool

···

On Fri, May 18, 2018 at 7:18 PM, djohnson@integritypays.com wrote:

Can the hash.sh be used to hash the passwords for Search Guard pemkey, keystore or truststore passwords in elasticsearch.yml? If not what would be the best option using the elasticsearch-keystore, kibana-keystore and logstash-keystore to store them and just do a call back to them in the yml files?

integritypays.com | 888.477.4510
1700 Higgins Rd, Suite 690, Des Plaines, IL 60018


You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/6b3eab5e-1f9f-487f-9038-7356f5f5aa63%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Thanks&Regards

Somasekhar K
9916483548

The hash.sh can’t be used to hash the PEM or truststore passwords. It produces a BCrypt hash suitable for the Search Guard internal user database only.

I guess the question is how to make elasticsearch.yml free of passwords, right? In that case the recommendation is to use environment variable substitution:

https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html

···

On Friday, May 18, 2018 at 3:48:33 PM UTC+2, djohnson@integritypays.com wrote:

Can the hash.sh be used to hash the passwords for Search Guard pemkey, keystore or truststore passwords in elasticsearch.yml? If not what would be the best option using the elasticsearch-keystore, kibana-keystore and logstash-keystore to store them and just do a call back to them in the yml files?

If you use TLS TOOLS then check tlsconfig.yml file.In that file pkPassword parameter value.pkPassword is the PEM or truststore password.

···

On Sat, May 19, 2018 at 2:44 AM, Jochen Kressin jkressin@floragunn.com wrote:

The hash.sh can’t be used to hash the passwords of the passwords of the PEM or truststore passwords. It produces a BCrypt hash suitable for the Search Guard internal user database only.

I guess the question is how to make elasticsearch.yml free of passwords, right? In that case the recommendation is to use environment variable substitution:

https://www.elastic.co/guide/en/elasticsearch/reference/current/settings.html

On Friday, May 18, 2018 at 3:48:33 PM UTC+2, djohnson@integritypays.com wrote:

Can the hash.sh be used to hash the passwords for Search Guard pemkey, keystore or truststore passwords in elasticsearch.yml? If not what would be the best option using the elasticsearch-keystore, kibana-keystore and logstash-keystore to store them and just do a call back to them in the yml files?

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/304a5f62-8742-4fa5-8978-5bf3cfe03936%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Thanks&Regards

Somasekhar K
9916483548