Hello:
So we're implementing SAML on our cluster which has led to the implementation of SSL communications instead of http. That journey is completed and functioning properly including logstash monitoring and management, but now I've hit the logstash pipelines.
Of course, I've had to change all the outputs so that the .p12 keystore and truststore are referenced. For example:
keystore => "/etc/logstash/<path to file>.p12"
keystore_password => "<password>"
truststore => "/etc/logstash/<path to file>.p12"
truststore_password => "password"
So that's working fine and all the pipelines are up and running.
What I want though is to reference the logstash-keystore for the truststore and keystore_password. Right now they're out in the clear and I don't want that.
When I added the passwords to the logstash keystore and then referenced the variable in the pipeline (truststore_password => "${this_pwd}" ) I get an error for each pipeline in the log indicating something like could not find the path to the certification. The pipeline can't communicate with Elasticsearch and it just repeats that error.
I know for sure the certs are fine because it works if the password is in the clear, and the logstash ssl monitoring and management settings are all fine because even though I was getting the pipeline communication error, logstash itself was still connecting to Elasticsearch and the license was verified.
I also know that the logstash keystore is fine and the password for the cert is fine because I have the keystore referenced in the monitoring and management settings (both for the user ID and password and the cert and password) in logstash.yml, and again logstash is starting and the license is being verified.
So my question is, is it possible to reference the logstash keystore in the keystore_password and truststore_password section of the output? Am I doing something wrong with the syntax mentioned above? The documentation would suggest you can do it but there's no indication of any examples.
Thanks in advance for reading!
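Added example, not part of the original post: a small check that scans pipeline configuration text for password options still set to a literal value instead of a `${NAME}` reference like the one quoted in the post. The function name, the option list beyond `keystore_password` and `truststore_password`, and the sample config are assumptions made for illustration.

```python
import re

# Secret-bearing options from the post's output block, plus the generic
# "password" option (assumption: extend this tuple for the plugins you run).
SECRET_OPTS = ("keystore_password", "truststore_password", "password")

# Matches: option => "value"  or  option => 'value'
SETTING_RE = re.compile(
    r'^\s*(?P<opt>\w+)\s*=>\s*(?P<q>["\'])(?P<val>.*?)(?P=q)')
# A value that consists only of a ${NAME} reference, as in the post.
REFERENCE_RE = re.compile(r'^\$\{[A-Za-z_][A-Za-z0-9_.]*\}$')


def find_cleartext_secrets(config_text):
    """Return (line_number, option) for each secret option set to a literal."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active configuration
        m = SETTING_RE.match(line)
        if not m or m.group("opt") not in SECRET_OPTS:
            continue
        if not REFERENCE_RE.match(m.group("val")):
            findings.append((lineno, m.group("opt")))
    return findings


# Constructed sample output block; the path and key name are placeholders.
SAMPLE = '''\
output {
  elasticsearch {
    keystore => "/etc/logstash/example.p12"
    keystore_password => "${ES_KEYSTORE_PWD}"
    truststore => "/etc/logstash/example.p12"
    truststore_password => "changeme"
    # password => "old-value"
  }
}
'''

if __name__ == "__main__":
    for lineno, opt in find_cleartext_secrets(SAMPLE):
        print(f"line {lineno}: {opt} is set to a literal value")
```
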