Can not run elastic after add keystore

Hi
Recently trying to use elasticsearch keystore
when I trying to restart elastic service when a new key added like "mypassword" to created elasticsearch.keystore, got a weird error

Aug 10 10:08:04 debian elasticsearch[10961]: uncaught exception in thread [main]
Aug 10 10:08:04 debian elasticsearch[10961]: java.lang.IllegalArgumentException: unknown secure setting [mypassword] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:532)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:477)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:448)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:419)

any help grateful

Please share the full commands you ran and their output.

/usr/share/elasticsearch/bin/elasticsearch-keystore add mypassword

to add a value to elasticsearch.keystore
since I login as root then I type

chown root:elasticsearch /etc/elasticsearch/elasticsearch.keystore
chmod 660 /etc/elasticsearch/elasticsearch.keystore

after that, the above error appear

There seems to be some confusion here.

The Elasticsearch Keystore is not a general purpose container for secrets. It is an extension of the Elasticsearch configuration mechanism for settings that should be secret. Therefore, it can only be used to store specific values that Elasticsearch expects find there.

Since mypassword is not a recognised setting in Elasticsearch, adding it to the keystore is an error.

do you have any reference?
Can't find anything about it
even here
https://www.elastic.co/guide/en/elasticsearch/reference/current/elasticsearch-keystore.html

That document is a command line reference. It explains how to use the tool.
If you follow the secure settings link at the top of that page you get to a reference on secure settings that says:

Only some settings are designed to be read from the keystore. However, the keystore has no validation to block unsupported settings. Adding unsupported settings to the keystore causes Elasticsearch to fail to start.

1 Like

thanks

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.