Hi Folks,
I use Logstash to send logs to a cloud SIEM.
In particular, I use an output plugin for the SIEM vendor.
In order to authenticate towards the cloud, Logstash presents an ID, which is public and doesn't bother me, and a key, which is kind of sensitive.
Hence I used an environment variable in the config file and it worked like a charm.
However, I just tested it.
For real-life scenarios I'd have to set the variable in the bashrc of the account that is going to be used. When I set the var in the root bashrc, Logstash can't see the variable since it runs with the logstash account.
However, I can't set the variable in the logstash bashrc since this is a service account and has no interactive shell, as you can see below:
Service User:/usr/share/logstash:/usr/sbin/nologin
Now I can set the variable in /etc/environment, but this is a global config file and every account would see the variable, which security-wise doesn't seem right.
I read about the Logstash secrets keystore, but in order for it to be password-protected I need to again use an environment variable to store the password for the keystore. Correct? Which means that it's the same situation and I'd need to set the variable in /etc/environment.
Could you please give me your five cents on the matter?
Thank you in advance.