How can I hide the ssl_key_passphrase?


(Ihjaz Mohamed) #1

Hi All,

I have the following configuration

input {
  beats {
    host => "127.0.0.1"
    port => 5044
    ssl => true
    ssl_certificate_authorities => ["/etc/logstash/certs/trust.pem"]
    ssl_certificate => "/etc/logstash/certs/cert.pem"
    ssl_key => "/etc/logstash/certs/p8key.pem"
    ssl_verify_mode => "force_peer"
    ssl_key_passphrase => "passphrase"
  }
}

I'm not supposed to show the passphrase in plain text here. How can I hide this?


(Magnus B├Ąck) #2

You can't. The beats input doesn't support encrypted key passphrases.


#3

You might be able to move the problem using an environment variable. Then you have the problem of how to get the passphrase into an environment variable without having it in plain text anywhere.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.