Not a valid Logstash keystore error

sachintanpure85 · December 7, 2018, 2:37pm

Hi,

I am using ELK 6.3.2 version and I have used below configuration steps for logstash keystore

set +o history
export LOGSTASH_KEYSTORE_PASS=mypassword
set -o history
logstash-keystore create
logstash-keystore add user
logstash-keystore add es_pwd

and modifed logstash.yml as below :
xpack.monitoring.elasticsearch.password: ${LOGSTASH_KEYSTORE_PASS}

and conf files as below:
input {
{elasticsearch{
hosts => ["{LOGSTASH_HOST}"] user => "{USER}"
password => "${ES_PWD}"
ssl => true
}
}

Error :

[2018-12-05T05:40:29,568][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::OrgLogstashSecretStore::SecretStoreException::LoadException", :message=>"Found a file at /opt/guardian/conf/logstash/settings/logstash.keystore, but it is not a valid Logstash keystore.", :backtrace=>["org.logstash.secret.store.backend.JavaKeyStore.load(org/logstash/secret/store/backend/JavaKeyStore.java:265)", "org.logstash.secret.store.backend.JavaKeyStore.load(org/logstash/secret/store/backend/JavaKeyStore.java:40)", "org.logstash.secret.store.SecretStoreFactory.doIt(org/logstash/secret/store/SecretStoreFactory.java:107)", "org.logstash.secret.store.SecretStoreFactory.load(org/logstash/secret/store/SecretStoreFactory.java:93)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod…

can anybody help me on this?

ikakavas · December 12, 2018, 7:30am

Hi there,

LOGSTASH_KEYSTORE_PASS environment variable holds the password with which the logstash keystore is encrypted and not the password for accessing your elasticsearch node so you most probably should not set it to

xpack.monitoring.elasticsearch.password: ${LOGSTASH_KEYSTORE_PASS}

The problem you are facing is because the running instance of logstash doesn't have access to the LOGSTASH_KEYSTORE_PASS environment variable and as such cannot load and decrypt the keystore. As mentioned in our docs you need to make sure this environment variable is set and there are instructions here on how to do this when using the DEB or RPM packages

sachintanpure85 · December 12, 2018, 11:32am

@ikakavas Thank you for your response.

I agree , after setting environment variable as LOGSTASH_KEYSTORE_PASS it will work .
But without using logstash keystore also it will work , if we set the env variable .

Also the problem will be here as I do echo ${LOGSTASH_KEYSTORE_PASS} as I am using unix box, the password will be visible .

then its not secure way to configure password in environment files .

system · January 9, 2019, 11:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not a valid keystore when running Logstash as a service Logstash	1	602	April 17, 2020
Logstash Keystore doesn't work Logstash elastic-stack-security	1	2138	May 19, 2020
Logstash not reading keystore file after upgrade to ELK 7.9 Logstash	2	793	September 22, 2020
Logstash keystore error after upgrade Logstash docker	1	478	June 18, 2021
Not a valid Logstash keystore java exception problem Logstash	3	78	August 22, 2024

Not a valid Logstash keystore error

Related topics