Keystore is tampered with or corrupted, now what?

There is no documentation on how to recreate the elasticsearch-keystore when getting this message when trying to list or add keys to the keystore file:
Exception in thread "main" java.lang.SecurityException: Keystore has been corrupted or tampered with
at org.elasticsearch.common.settings.KeyStoreWrapper.decrypt(
at org.elasticsearch.common.settings.ListKeyStoreCommand.execute(
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(
at org.elasticsearch.cli.MultiCommand.execute(
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(
at org.elasticsearch.cli.Command.main(
at org.elasticsearch.common.settings.KeyStoreCli.main(

Do you have a series of steps to reproduce this problem? Did you try to tweak the keystore file in any way? This should only happen if the internals of the keystore have been modified without updating the keystore metadata.

It seems like it happened right after i added a key:value where the key is not one that is used at all (ie bad one), but it accepted it and let me enter a value for the bad key:
bin/elasticsearch-keystore add discovery.ec2.tag.Name

this happened on 2 separate machines with same ES 6.0/Kibana 6.0 and x-Pack installed on Ubuntu 16.04 (security turned off, just using it for monitoring) with nothing else on the machines. ES cluster is running still for one, i stopped and tried to restart on second machine but now i can't get the node(s) to start, and no logging is happening after I stopped the node(s)

I tried removing the bad key but it still gave me original error

What version of elasticsearch?


Thanks for reporting! I've identified the issue and have a fix out for review:

Unfortunately there is nothing you can do but recreate your keystore. With that PR, the keystore tool will no longer allow you to accidentally try to add a setting with uppercase letters (which is the underlying issue).

How do you recreate it?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.