Do you already support usage of the Elasticsearch keystore for storing secrets required for configuration in the elasticsearch.yml, such as passphrases for certificates?
Can I configure the path to the Elasticsearch keystore file here?
Hi @Kosmonafft
Unfortunately, Elasticsearch will not allow any values to be entered into elasticsearch-keystore that are not natively part of security. Therefore, entering any settings to do with Search Guard or any other external plugin will stop Elasticsearch from starting.
There are two cases: passwords in Search Guard configuration files and passwords in Elasticsearch configuration files. In both cases, we recommend using environment variables.
In the case of SG configuration files, you can either use env variables on the nodes, or you can use env variables when uploading configuration changes with sgadmin:
Elasticsearch supports environment variables in the yaml configuration files as well:
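As an added example (not part of the original post and not Search Guard's own code), the following check audits an elasticsearch.yml for password settings that are still literal values instead of `${VAR}` environment placeholders, and flags placeholders whose variable is not set. The sample file content and the environment variable names are constructed for illustration.

```python
import re

# Constructed sample resembling an elasticsearch.yml with Search Guard TLS settings.
SAMPLE_YML = """\
cluster.name: demo
searchguard.ssl.transport.keystore_filepath: node-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_password: "${SG_TRUSTSTORE_PASS}"
searchguard.ssl.http.pemkey_password: ${SG_HTTP_KEY_PASS}
# searchguard.ssl.http.keystore_password: ignored-comment
"""

# Setting names that end in a secret-like word are treated as sensitive.
SECRET_KEY = re.compile(r"(password|passphrase|secret)$", re.IGNORECASE)
# Flat "key: value" settings only; nested YAML is out of scope for this check.
SETTING = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*:\s*(.*?)\s*$")
# A value that consists solely of one ${VAR} placeholder.
PLACEHOLDER = re.compile(r"^\$\{([A-Za-z_][A-Za-z0-9_]*)\}$")


def audit(yml_text, env):
    """Return (key, status) for each secret-like setting.

    status is 'literal' (secret written into the file), 'unset_env'
    (placeholder used but variable missing or empty) or 'ok'.
    """
    findings = []
    for line in yml_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not loaded
        m = SETTING.match(line)
        if not m or not SECRET_KEY.search(m.group(1)):
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        ph = PLACEHOLDER.match(value)
        if ph is None:
            findings.append((key, "literal"))
        elif not env.get(ph.group(1)):
            findings.append((key, "unset_env"))
        else:
            findings.append((key, "ok"))
    return findings


if __name__ == "__main__":
    import os
    for key, status in audit(SAMPLE_YML, os.environ):
        print(f"{status:10} {key}")
```

An `unset_env` finding matters before a restart, because the node cannot resolve a placeholder whose variable is missing from its environment.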
I guess having secrets in env variables is the same as having them in clear text in a config file (unless you store your config files somewhere, for example in git, and you want to hide the secrets there, of course).