Credentials' variables blocking beats from running as services on Windows

Hey there,

So, the problem doesn't appear on linux boxes, but only windows ones : win server 2012 and win10. I had the (almost) exact same problem with Winlogbeat, Metricbeat and Filebeat.

Following the documentation concerning how to configure the output with security activated and how to do it securely with a keystore, I added the following lines to the config file:

output.elasticsearch:
  hosts: ["myEShost:9200"]
  username: "${ES_USER}"
  password: "${ES_PWD}" 

Then I actually store those variables in the keystore of the beat.

Trying to Start-Service [beat_name] doesn't work, it gives the following error:

Windows could not start the winlogbeat service on Local Computer.
Error 1053: The service did not respond to the start or control request in a timely fashion.

But if I try to run the beats in the foreground with winlogbeat -e -d "*", there's no error and everything runs fine for winlogbeat and filebeat. Metricbeat also seems to run fine with no error, but it stops sending data after a few minutes (still, without any error and seeming to run fine).

If I replace the variables in the config file by the actual usernames and passwords, like this:

output.elasticsearch:
  hosts: ["myEShost:9200"]
  username: "actual_username"
  password: "actual_password" 

I can run all the Beats as Services and there's no problem at all.

Am I missing something in the documentation ? Or am I doing something else wrong ?

Looking forward to hearing from you as I really don't know where to go from here.

Thanks in advance !

Cheers,

jsu