Functionbeat package command creates zip archive with credentials visible in plaintext


When I use the Functionbeat manager to package up Functionbeat and the Yaml file into a zip archive for use with AWS Lambda the zip archive is generated with the password for the Elasticsearch user in plaintext in the yaml file. This is the case even if I add the password to the functionbeat keystore and then reference it using the ${VAR} syntax provided in the documentation.

Example code

  # Array of hosts to connect to.
  hosts: ["BLAH"]
  protocol: "https"
  username: "BLAH"
  password: ${ITS_A_SECRET}

When I generate the zip using the package command the yaml generated contains the password in plaintext.

Is this intentional? Perhaps I'm doing something wrong but it would be great to get some help as I can't find much in the way of help from the documentation :smiley:

Thank you,