Creating Secrets in Elastic Fleet

I'm using Elastic Cloud v8.12.0. Documentation for Fleet gives instructions on how to use a Fleet secret in an integration policy, but how to I actually CREATE one? I can't find the information in the documentation.


OK - after reading the documentation and the discussion on Github more closely, it appears that there's no mechanism to create a secret and then consume it, the magic happens when an integration that supports secrets is saved from the Fleet UI, is this correct? In other words secret is created and the appropriate key is substituted when an integration which supports secrets is deployed, is this right?


Hi DougR,

Yes, currently only integrations that mark variables as secret are going to be stored as secrets.

Are there plans to create a generic secret vault in order to make secrets available for use? E.g., I can specify MYAPP_PROD_USERNAME in the vault and reference it in my configuration as ${MYAPP_PROD_USERNAME}?

Our use case is that we are moving to using the Elasticstack Terraform Provider to manage our stack (including policies) so that we can place our configuration under version control. Using the postgres integration as an example, if I utilize the provider to push a password as part of my configuration and the integration immediately places it into the vault and replaces it with a reference such as ${SECRET_0}, then this creates configuration drift which will result in the configuration being updated the next time the terraform configuration is applied.

An alternative would be a way to allow a user to specify environment variables in the policy (or for the agent) which could be accessed with the env provider.


1 Like

I'm not aware of any plans as of now, but you are welcome to raise a feature request here, and we will evaluate the feasibility.


Submitted here.

Thank you for your response and clarification.