Logstash authentication to ES

security

(Mark Andre) #1

Hi all,
I'm trying to determine if there's a way to send log data via logstash pipelines into Elastic without having to use saved passwords in the pipeline config.
Is this possible?


(Ioannis Kakavas) #2

Hi there,

You have a couple of otpions:

  1. Use the Secrets keystore to set the password and then reference it by key in your Elasticsearch output plugin config

  2. If your ES node is (or can be) configured for PKI authentication, you can use a key and certificate stored in a JKS or PKCS#12 keystore to authenticate to Elasticsearch. Note that this option carries the side effect that if your JKS, or PKCS#12 keystores are password protected then you'd need to include this password in your config, which depending on your threat model can be as bad as having the Elasticsearch user password there.