Is it possible to use secrets from Elasticsearch keystore in ES Watcher actions?

I use watchers that call custom webhooks in their actions sections. Can I refer keystore values in the Authorization headers similar to variables?

I need something similar to:

"actions": {
    "my-api-notification": {
      "webhook": {
        "scheme": "https",
        "host": "",
        "port": 443,
        "method": "post",
        "path": "/v1/es-alerts",
        "headers": {
          "Authorization": "KEY {{api_key.secret.staging}}",
          "Content-Type": "application/json"

where "api_key.secret.staging" is the name of the keystore field?

This didn't work in my case. Maybe you can suggest other options for storing shared secrets.

Hi @andrewthetack Welcome to the community!


EDIT : Actually... As I reread I think you're right. Here's a very important sentence. It looks like only password is supported

Also be aware, that there is no way to configure your own fields in a watch to be encrypted.

Perhaps someone else has an idea..

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.