Encrypt/protect logstash lookup files?


For my companies product we are in the need to encrypt/protect the lookup files used in our pipeline.


I don't think this is possible out of the box as even ElasticSearch expects the encryption to be done by the operating system.

You could try one of the following:

  1. Use an ElasticSearch filter for the lookup. The data would be stored within ElasticSearch instead of cleartext files on the system. This could decrease the performance.
  2. Store the file encrypted on a separate path and decrypt the file to the required location on the LogStash startup as part of the startup script. After LogStash startup is completed the file can be deleted again. This expects that LogStash does not try to re-read the file(e.g. on pipeline reload).
  3. Use the central LogStash config where the pipeline is stored within ElasticSearch and store the mapping directly in the pipeline instead of a separate file.

These are the only things I could think of but maybe someone has a better idea for you.

Best regards

Thank you for the suggestion - I will look into it

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.