Recommended way of storing credentials in Beats configuration file?

What is the recommended way of storing the credentials like username and passwords in the beats configuration file?
Our deployment is via terraform and ansible, which essentially stores the credentials in the environment.
Is this a good practice?
if not, what is the recommended practice?
Would like to get a pretty good picture on this as we are going to deal with healthcare client for this deployment.
Thanks in advance :slight_smile:

1 Like

Now, the best solution will be to stick to using keystore content especially for passwords.
https://www.elastic.co/guide/en/beats/filebeat/current/keystore.html#add-keys-to-keystore

For something like
cat /file/containing/setting/value | filebeat keystore add ES_PWD --stdin --force
and then use it in the yml file:
output.elasticsearch.password: "${ES_PWD}"

How to use that in ansible, I don't want to reinvent the wheel.
Here you should find a working example, you just need to translate it from kibana to filebeat command style:

The similar should be possible with a remote exec provisioner:

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.