Elasticsearch.yml and Keystore examples

Does anyone have an example of how to call the keystore password from the yml file?

I'm clear on how to create the keystore from the link below, but unsure how to call the password from inside the elasticsearch.yml file. Help. Thanks.

https://www.elastic.co/guide/en/elasticsearch/reference/5.6/secure-settings.html

I should clarify, this password is for my email configuration. Below is an excerpt from my yml file.

xpack.notification.email.account:
  exchange_account:
    profile: dion
    email_defaults:
      from: dion@domain.com
    smtp:
      auth: true
      starttls.enable: true
      host: smtp.domain.com
      port: 25
      user: dion@domain.com
      password: "password"

The elasticsearch keystore works by the elasticsearch code looking up setting values directly in the keystore. There are no references to keystore values inside elasticsearch.yml.

In your case, check the email notification docs (specifically the secure_password setting). You would set it with a keystore command like this:

echo "mypassword" | bin/elasticsearch-keystore add --stdin xpack.notification.email.account.exchange_account.smtp.secure_password

Thanks Ryan. I don't think I have this capability in 5.6. Looks like the keystore command is only available after 6.x

Currently, neither Watcher nor Shield provide a mechanism to encrypt settings in elasticsearch.yml . Because the email account credentials appear in plain text, you should limit access to elasticsearch.yml to the user that you use to run Elasticsearch.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.