Encrypt / secure Database password in logstash.conf file


I am new to this Logstash.
I don't want to specify plain text "username" and "password" in logstash.conf for the Database input plugin. Is there any way to do that?

Is there any possible way to encrypt or hide the DB "username" and "password." in log stash config code?

Elastic Search Version 7.0.0
Logstash version 7.0.0

logstash.conf file

input {
jdbc {
jdbc_connection_string => "jdbc:postgresql://DbIP:port/DatabaseName"
jdbc_user => "dbuser"
jdbc_password => " dbpassword "
jdbc_driver_class => "org.postgresql.Driver"
jdbc_driver_library => "/home/Downloads/postgresql-42.1.4.jar"
jdbc_validate_connection => true
statement => 'select *from order_tbl'
use_column_value => true
tracking_column_type =>"numeric"
tracking_column => "ford_id"
clean_run => true
output {
elasticsearch {
user => ESUser
password => ESPassword
ssl => true
sniffing => true
index => "1_999"
document_type => "1_999"
document_id => "%{ford_id}"
hosts => ["https://ESIp:Port"]


Yes, we explain how to do this in https://www.elastic.co/guide/en/logstash/current/keystore.html

Hi Ikakavas,

could you please explain in detail where to go and what need to be done.


We put a lot of effort in our docs so that our users can find answers and solutions to their problems. There is little value in me writing the same things here again, especially without context on what in the docs where not comprehensible.

I shared a documentation link with you just 2 minutes ago, please read this first and make an attempt to solve the issue based on what we describe there. If you do come across any issues trying to apply the documentation, or something is not clear enough, someone in this community will be happy to help you out !


Provided above link about protect elastic search "Password".

The syntax for referencing keys is identical to the syntax for environment variables:


Where KEY is the name of the key.

For example, imagine that the keystore contains a key called ES_PWD with the value yourelasticsearchpassword :

In configuration files, use: output { elasticsearch {...password => "${ES_PWD}" } } }
In logstash.yml , use: xpack.management.elasticsearch.password: ${ES_PWD}

I am looking for the database "username" and "password" from the input plugin.
This is hard code value in logstash config-> jdbc_user => "user" jdbc_password => "password@abc" (this should not be "hardcode")

Below is my code

input {
jdbc {
jdbc_connection_string => "jdbc:mysql:// name"
# The user we wish to execute our statement as
jdbc_user => "user"
jdbc_password => "password@abc"
# The path to our downloaded jdbc driver
jdbc_driver_library => "C:\logstash-6.7.0\bin\mysql-connector-java-8.0.13.jar"
jdbc_driver_class => "com.mysql.jdbc.Driver"
# our query
statement => "Select * from Tablename "
output {
stdout { codec => json_lines }
elasticsearch {
"hosts" => "9200"
"index" => "test"
"document_type" => "data"

Hi all,

Still this feature under investigation?
I have been seeing many links were users are asking for a long time.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.