Not a valid Logstash keystore error

security

(Sachin) #1

Hi,

I am using ELK version 6.3.2 and I have used the configuration steps below for the Logstash keystore:

set +o history
export LOGSTASH_KEYSTORE_PASS=mypassword
set -o history
logstash-keystore create
logstash-keystore add user
logstash-keystore add es_pwd

and modified logstash.yml as below:
xpack.monitoring.elasticsearch.password: ${LOGSTASH_KEYSTORE_PASS}

and conf files as below:
input {
  elasticsearch {
    hosts => ["${LOGSTASH_HOST}"]
    user => "${USER}"
    password => "${ES_PWD}"
    ssl => true
  }
}

Error:

[2018-12-05T05:40:29,568][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"Java::OrgLogstashSecretStore::SecretStoreException::LoadException", :message=>"Found a file at /opt/guardian/conf/logstash/settings/logstash.keystore, but it is not a valid Logstash keystore.", :backtrace=>["org.logstash.secret.store.backend.JavaKeyStore.load(org/logstash/secret/store/backend/JavaKeyStore.java:265)", "org.logstash.secret.store.backend.JavaKeyStore.load(org/logstash/secret/store/backend/JavaKeyStore.java:40)", "org.logstash.secret.store.SecretStoreFactory.doIt(org/logstash/secret/store/SecretStoreFactory.java:107)", "org.logstash.secret.store.SecretStoreFactory.load(org/logstash/secret/store/SecretStoreFactory.java:93)", "java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498)", "org.jruby.javasupport.JavaMethod…

Can anybody help me with this?


(Ioannis Kakavas) #2

Hi there,

The LOGSTASH_KEYSTORE_PASS environment variable holds the password with which the Logstash keystore is encrypted, not the password for accessing your Elasticsearch node, so you most probably should not set it to

xpack.monitoring.elasticsearch.password: ${LOGSTASH_KEYSTORE_PASS}

The problem you are facing is because the running instance of Logstash doesn't have access to the LOGSTASH_KEYSTORE_PASS environment variable and as such cannot load and decrypt the keystore. As mentioned in our docs, you need to make sure this environment variable is set, and there are instructions here on how to do this when using the DEB or RPM packages.


(Sachin) #3

@ikakavas Thank you for your response.

I agree, after setting the environment variable LOGSTASH_KEYSTORE_PASS it will work.
But it will also work without using the Logstash keystore, if we set the env variable.

Also, the problem here is that when I do echo ${LOGSTASH_KEYSTORE_PASS}, as I am using a Unix box, the password will be visible.

Then it's not a secure way to configure the password in environment files.
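
An added example, not part of the thread and not Elastic's own tooling: a small audit for the two points raised above, namely a settings or pipeline file that substitutes `${LOGSTASH_KEYSTORE_PASS}` into a value (post #1) and an environment file holding that variable that is readable beyond its owner (post #3). The file paths, the function names and the owner-only permission requirement are assumptions of this example; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are supplied by the caller;
# the files written in demo() are constructed samples.

# 0 if a non-comment line substitutes ${LOGSTASH_KEYSTORE_PASS} into a value,
# i.e. the keystore's own password is used as a setting (post #1's logstash.yml).
misuses_keystore_pass() {
  grep -Eq '^[^#]*\$\{LOGSTASH_KEYSTORE_PASS(:[^}]*)?\}' "$1"
}

# 0 if the env file defines LOGSTASH_KEYSTORE_PASS and grants no permission
# bits to group or others (octal mode ends in 00, e.g. 600).
env_file_ok() {
  grep -Eq '^(export[[:space:]]+)?LOGSTASH_KEYSTORE_PASS=' "$1" || return 1
  ef_mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
  case "$ef_mode" in *00) return 0 ;; *) return 1 ;; esac
}

# Print one line per problem; the return status is the number of findings.
audit() {  # usage: audit ENV_FILE SETTINGS_OR_PIPELINE_FILE...
  au_env=$1; shift; au_n=0
  if ! env_file_ok "$au_env"; then
    echo "FAIL $au_env: LOGSTASH_KEYSTORE_PASS missing or file open to group/others"
    au_n=$((au_n + 1))
  fi
  for au_f in "$@"; do
    if misuses_keystore_pass "$au_f"; then
      echo "FAIL $au_f: uses \${LOGSTASH_KEYSTORE_PASS}; reference a keystore key such as \${ES_PWD}"
      au_n=$((au_n + 1))
    fi
  done
  return "$au_n"
}

demo() {
  d=$(mktemp -d) || return 1
  printf 'LOGSTASH_KEYSTORE_PASS=constructed-sample\n' > "$d/env"
  chmod 644 "$d/env"
  printf 'xpack.monitoring.elasticsearch.password: ${LOGSTASH_KEYSTORE_PASS}\n' > "$d/bad.yml"
  printf 'xpack.monitoring.elasticsearch.password: ${ES_PWD}\n' > "$d/good.yml"
  audit "$d/env" "$d/bad.yml" "$d/good.yml" || echo "findings before fix: $?"
  chmod 600 "$d/env"
  audit "$d/env" "$d/good.yml" && echo "no findings after fix"
  rm -rf "$d"
}
demo
```
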