How can I hide the ssl_key_passphrase?

Ihjaz · October 9, 2017, 10:22am

Hi All,

I have the following configuration

input {
  beats {
    host => "127.0.0.1"
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/certs/trust.pem"]
    ssl_certificate => "/etc/logstash/certs/cert.pem"
    ssl_key => "/etc/logstash/certs/p8key.pem"
    ssl_verify_mode => "force_peer"
    ssl_key_passphrase => "passphrase"
  }
}

I'm not supposed to show the passphrase in plain text here. How can I hide this?

magnusbaeck · October 10, 2017, 6:39pm

You can't. The beats input doesn't support encrypted key passphrases.

Badger · October 10, 2017, 7:10pm

You might be able to move the problem using an environment variable. Then you have the problem of how to get the passphrase into an environment variable without having it in plain text anywhere.

system · November 7, 2017, 7:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Encrypting the certificate key for SSL Logstash	4	4239	October 19, 2017
Beats input plugin cannot read password protected ssl key Logstash	3	729	July 19, 2019
Why is the ssl_key_passphrase missing in the plugins-outputs-elasticsearch? Logstash elastic-stack-security	7	223	November 27, 2023
Logstash / Beats Encryption Error Logstash	1	175	September 1, 2023
Logstash to Logstash enable security SSL Logstash elastic-stack-security	1	214	August 17, 2022

How can I hide the ssl_key_passphrase?

Related topics