The elasticsearch keystore works by the elasticsearch code looking up setting values directly in the keystore. There are no references to keystore values inside elasticsearch.yml.
In your case, check the email notification docs (specifically the secure_password setting). You would set it with a keystore command like this:
Thanks Ryan. I don't think I have this capability in 5.6. Looks like the keystore command is only available after 6.x
Currently, neither Watcher nor Shield provide a mechanism to encrypt settings in elasticsearch.yml . Because the email account credentials appear in plain text, you should limit access to elasticsearch.yml to the user that you use to run Elasticsearch.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.