I have a bash script that automates the installation and configuration of Elastic, Kibana, Logstash, and filebeat.
I am currently trying to secure my Kibana. I have enabled xpack in my elastic.yml: xpack.security.enabled: true.
And have included bin/elasticsearch-setup-passwords auto to the script, but this would still require the user to manually copy the password into the kibana.yml file. Is there any way to specifically set what I want my password to be in the script and just put whatever I have set in my kibana.yml file so everything is still automated?
Here's another idea. when you run manually the elasticsearch-keystore or the reset password it will generate an encrypted keystore file stored in your system, maybe you can store them in a vault together with the encryption key so when you deploy them automatically you also deploy the keystore and the encryption key.