Yes, I had to add my keystore file in docker image so that I can access those credentials in the container.
FROM docker.elastic.co/logstash/logstash:7.3.2
RUN rm -f /usr/share/logstash/pipeline/logstash.conf
ADD logstash.yml /usr/share/logstash/config/logstash.yml
ADD logstash.conf /usr/share/logstash/pipeline/logstash.conf
ADD logstash.keystore /usr/share/logstash/config/logstash.keystore
Which also means, I had to rebuild the image every time there was a change in keystore.
I was confused about defining every key in keystore if that needs to be accessible as environment variable, but after discussing it from here I realized that it's not the case.
I can access any environment variable passed in .conf file, even if that's not declared in keystore file. Declaring every environment variable in keystore is not mandatory.
It also helped me to understand that:
If the variable exists in the keystore, the value from the keystore is always used; only if it is missing from the keystore is it sourced from the environment.