Does watcher 1.0 support PKI-based authentication like later versions of wathcher do? I see "When you use PKI-based authentication instead of HTTP basic auth, you don’t need to store any authentication information in the watch itself. To use PKI-based authentication, you configure the SSL keystore path and password for Watcher in elasticsearch.yml. If the watcher.http.ssl.keystore.path and watcher.http.ssl.keystore password are not set, the Watcher HTTP client falls back to the Shield settings, shield.ssl.keystore.path and shield.ssl.keystore.password." at https://www.elastic.co/guide/en/watcher/current/actions.html if version 2.4 is selected. (And perhaps it's in the info for other versions as well, I didn't check). But, when I switch to 1.0, the PKI/SSL info is not there.
(Yes, we are going to upgrade. Beginning of the year!)