How to use keystore in Dockerized logstash?

I am referring to this help document to set up Logstash 7.3.2 using Docker and wanted to pass a few environment variables which I further want to access in my input block of the .conf files

Eg:

docker run -e TCP_PORT=123...

input {
  tcp {
    port => "${TCP_PORT}"
  }
}

But I am getting some ERROR message saying that the keystore must be set up to access the ENV variables

I came across this guide for configuring the keystore and would like to know what my Dockerfile should look like so that I have the keystore set up and my conf file can access ENV variables as well?

Current Dockerfile:

FROM docker.elastic.co/logstash/logstash:7.3.2
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
ADD logstash.yml /usr/share/logstash/config/logstash.yml
ADD service.conf /usr/share/logstash/pipeline/service.conf

Should I also ADD my local keystore file to the Docker image?
If yes, does that mean every time I need to add a new ENV variable, I have to rebuild the image?

Others might run into the same issue, so quickly writing down the answer for the problem would be great :)

Yes, I had to add my keystore file to the Docker image so that I can access those credentials in the container.

FROM docker.elastic.co/logstash/logstash:7.3.2

RUN rm -f /usr/share/logstash/pipeline/logstash.conf

ADD logstash.yml /usr/share/logstash/config/logstash.yml
ADD logstash.conf /usr/share/logstash/pipeline/logstash.conf
ADD logstash.keystore /usr/share/logstash/config/logstash.keystore 

Which also means I had to rebuild the image every time there was a change in the keystore.

I was confused about defining every key in the keystore if it needs to be accessible as an environment variable, but after discussing it from here I realized that it's not the case.

I can access any environment variable passed in the .conf file, even if it's not declared in the keystore file. Declaring every environment variable in the keystore is not mandatory.

It also helped me to understand that:

If the variable exists in the keystore, the value from the keystore is always used; only if it is missing from the keystore is it sourced from the environment.

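The lookup order described in the answer above, as an added example that is not part of the original thread: a small Python audit that reports, for each `${VAR}` reference in a pipeline file, whether it would resolve from the keystore, the environment, or an inline `${VAR:default}`, and flags environment values that a keystore entry overrides. The function name, the sample config, key names and values are constructed for illustration; the key names are assumed to come from `logstash-keystore list` and are compared case-insensitively as an assumption.

```python
import re

# ${VAR} and ${VAR:default} references as written in Logstash pipeline files.
REF = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_.]*)(?::([^}]*))?\}")

def audit_references(conf_text, keystore_keys, environ):
    """Map each referenced name to the place its value would come from."""
    # Assumption: key names are compared case-insensitively, because
    # `logstash-keystore list` may print them in lower case.
    keys = {k.strip().lower() for k in keystore_keys if k.strip()}
    report = {}
    for match in REF.finditer(conf_text):
        name, default = match.group(1), match.group(2)
        if name.lower() in keys:
            # Keystore wins; flag the case where an env value is silently ignored.
            source = "keystore (shadows environment)" if name in environ else "keystore"
        elif name in environ:
            source = "environment"
        elif default is not None:
            source = "default"
        else:
            source = "unresolved"
        report[name] = source
    return report

# Constructed sample: pipeline text, keystore key names and container environment.
SAMPLE_CONF = """
input {
  tcp {
    port => "${TCP_PORT}"
  }
}
output {
  elasticsearch {
    hosts => "${ES_HOST:localhost:9200}"
    user => "${ES_USER}"
    password => "${ES_PWD}"
  }
}
"""
SAMPLE_KEYS = ["es_pwd", "tcp_port"]
SAMPLE_ENV = {"TCP_PORT": "123"}

if __name__ == "__main__":
    for name, source in audit_references(SAMPLE_CONF, SAMPLE_KEYS, SAMPLE_ENV).items():
        print(f"{name:10} {source}")
```

In the sample, `TCP_PORT` is reported as shadowed: the `-e TCP_PORT=123` value passed to `docker run` would be ignored because the keystore baked into the image also defines it.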