And I have another guess what can cause it (if I am not right about that this code does not read from the keystore).
With docker (in my case kubernetes) I keep only data folder as stateful. Also I add the keys into keystore after my ES is already started. So there are two issues:
- Looking on https://github.com/elastic/elasticsearch/issues/26589 - seems like these settings should be set before you start ES.
- Because of Docker environments - keystore is stored near elasticsearch.yml file, which means that I do not keep it between restarts.
As a workaround I assume I can use es.allow_insecure_settings and use old way, but it does not seems like a documented flag, not sure where I can set it.