Hi
Recently trying to use elasticsearch keystore
when I trying to restart elastic service when a new key added like "mypassword" to created elasticsearch.keystore, got a weird error
Aug 10 10:08:04 debian elasticsearch[10961]: uncaught exception in thread [main]
Aug 10 10:08:04 debian elasticsearch[10961]: java.lang.IllegalArgumentException: unknown secure setting [mypassword] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:532)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:477)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:448)
Aug 10 10:08:04 debian elasticsearch[10961]: #011at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:419)
The Elasticsearch Keystore is not a general purpose container for secrets. It is an extension of the Elasticsearch configuration mechanism for settings that should be secret. Therefore, it can only be used to store specific values that Elasticsearch expects find there.
Since mypassword is not a recognised setting in Elasticsearch, adding it to the keystore is an error.
That document is a command line reference. It explains how to use the tool.
If you follow the secure settings link at the top of that page you get to a reference on secure settings that says:
Only some settings are designed to be read from the keystore. However, the keystore has no validation to block unsupported settings. Adding unsupported settings to the keystore causes Elasticsearch to fail to start.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.