Secret Management for LDAP Password

emreb · May 10, 2021, 9:38am

Hello Everyone,

Is it possible to obfuscate or use Keystore for passwords in sg_config.yml. Currently, the LDAP password is in clear text, and according to our compliance team this a problem.

We already limit access to the server and sg_config.yml file, also limit permissions of LDAP user. I need to somehow not use a clear-text password in config files.

All acceptable methods are;

-Hashing password
-using Keystore/truststore
-Obfusticate Password

I already check the documentation but can not find an answer.

Thank you for your help in advance.

sirHusky · May 10, 2021, 7:08pm

Hi @emreb Welcome to the forum!

Did you have a look at the docs here

Are any of those options suitable? The interesting part is that the configs don’t need to be present on the node after upload at all. Would it be more straight forward to remove it entirely? It can later be retrieved from the security index if needed using sgadmin.sh script with admin cert.

Topic		Replies	Views
LDAP authentication with search guard-5 Search Guard	1	343	June 27, 2017
ES 2.2 and SG 2.2 and LDAP Search Guard	0	339	March 9, 2016
what is the purpose of Hash key Search Guard	1	410	November 19, 2018
Two questions Search Guard	1	307	June 29, 2016
cannot change password for role given by example. Search Guard	1	356	July 12, 2016

Secret Management for LDAP Password

Related Topics