Is it possible to use secrets from Elasticsearch keystore in ES Watcher actions?

andrewthetack · December 23, 2021, 3:20am

I use watchers that call custom webhooks in their actions sections. Can I refer keystore values in the Authorization headers similar to variables?

I need something similar to:

"actions": {
    "my-api-notification": {
      "webhook": {
        "scheme": "https",
        "host": "api.example.com",
        "port": 443,
        "method": "post",
        "path": "/v1/es-alerts",
        "headers": {
          "Authorization": "KEY {{api_key.secret.staging}}",
          "Content-Type": "application/json"
        },

where "api_key.secret.staging" is the name of the keystore field?

This didn't work in my case. Maybe you can suggest other options for storing shared secrets.

stephenb · December 23, 2021, 4:08am

Hi @andrewthetack Welcome to the community!

Hmmm

EDIT : Actually... As I reread I think you're right. Here's a very important sentence. It looks like only password is supported

Also be aware, that there is no way to configure your own fields in a watch to be encrypted.

Perhaps someone else has an idea..

system · January 20, 2022, 4:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Encrypting Sensitive Data in Watcher - How? Elasticsearch	4	857	July 23, 2018
Encrypt/hide custom headers in watchers Elasticsearch elastic-stack-monitoring , elastic-stack-alerting	1	334	March 10, 2021
How to use keystore for basic auth password for the input watch Elasticsearch elastic-stack-alerting	6	928	June 14, 2018
Authenticated webhook watcher integrations Elasticsearch elastic-stack-alerting	6	1153	September 7, 2018
Use template for webhook action in Watcher Elasticsearch elastic-stack-alerting	1	337	December 8, 2020

Is it possible to use secrets from Elasticsearch keystore in ES Watcher actions?

Related topics