ECK uses several different sets of credentials for managing an Elasticsearch cluster and currently we don't provide a way for the users to override them. I am not familiar with the third-party plugin you mention so I can't give any specific instructions here. You could potentially try white-listing the elastic-internal and elastic-internal-keystore file realm users if the plugin allows it.